From a risk management
viewpoint we balance the likelihood that an exploit for the newly discovered vulnerability
will appear before a patch is available against the necessity of continuing to run the
vulnerable service. It is always wisest to assume that someone will discover or learn of
the same vulnerability we are investigating before the vulnerability is patched. With that
assumption in mind, the real issue boils down to whether it is worth the risk to continue
running the application, and if so, what defenses might be used. Port knocking and various
forms of migration may be useful in these circumstances.
Port Knocking
Port knocking is a defensive technique that can be used with any network service but is
most effective when a service is intended to be accessed by a limited number of users. An
SSH or POP3 server could be easily sheltered with port knocking, while it would be difficult
to protect a publicly accessible web server using the same technique. Port knocking is
probably best described as a network cipher lock. The basic idea behind port knocking is
that the port on which a network service listens remains closed until a user steps through a
required knock sequence. A knock sequence is simply a list of ports that a user attempts to
connect to before being granted permission to connect to the desired service.
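The knock-sequence bookkeeping described above, as an added example that is not from the book: a small Python tracker that watches per-source connection attempts and opens the sheltered port only after the ordered sequence completes within a time window. It assumes an SSH service on port 22 behind the constructed sequence 7000, 8000, 9000 and uses constructed (timestamp, source, port) events instead of real sockets.

```python
"""Port-knock sequence tracker (added example, not the book's code).

Models the "network cipher lock": a source that hits the knock ports in the
required order earns a temporary opening of the protected port. Events are
constructed (timestamp, src_ip, dst_port) tuples; no sockets are involved.
"""
from dataclasses import dataclass, field

PROTECTED_PORT = 22                   # assumed: the SSH port being sheltered
KNOCK_SEQUENCE = (7000, 8000, 9000)   # assumed example knock sequence
KNOCK_WINDOW = 10.0                   # seconds allowed to finish the sequence
OPEN_DURATION = 30.0                  # seconds the protected port stays open


@dataclass
class KnockTracker:
    progress: dict = field(default_factory=dict)  # src_ip -> (next_idx, started_at)
    opened: dict = field(default_factory=dict)    # src_ip -> expiry timestamp

    def observe(self, ts, src_ip, dst_port):
        """Record one connection attempt; True when the sequence completes."""
        idx, started = self.progress.get(src_ip, (0, ts))
        if ts - started > KNOCK_WINDOW:      # too slow: the sequence starts over
            idx, started = 0, ts
        if dst_port == KNOCK_SEQUENCE[idx]:
            idx += 1
            if idx == len(KNOCK_SEQUENCE):   # full sequence: open the port briefly
                self.opened[src_ip] = ts + OPEN_DURATION
                self.progress.pop(src_ip, None)
                return True
            self.progress[src_ip] = (idx, started)
        elif dst_port == KNOCK_SEQUENCE[0]:  # wrong port, but a fresh first knock
            self.progress[src_ip] = (1, ts)
        else:                                # any other out-of-order knock resets
            self.progress.pop(src_ip, None)
        return False

    def is_allowed(self, ts, src_ip, dst_port):
        """Would a connection to the protected port be accepted right now?"""
        if dst_port != PROTECTED_PORT:
            return False
        expiry = self.opened.get(src_ip)
        return expiry is not None and ts <= expiry
```

A real deployment would drive `observe` from firewall logs or a packet capture and translate a `True` result into a temporary firewall rule for that source; the open window and reset-on-wrong-knock behaviour are what keep a scan from stumbling into the sequence.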