I already mentioned how I like stuff like port knocking. It can't be used as replacement for other security measures, but it's a nice way to keep important stuff out of radar. Imagine if you had some SSH daemons remotely accessible when that OpenSSL PRNG crisis started. I saw lots of admins running to replace flawed keys for servers because of that. If those daemons were hidden behind some portknocking stuff, it wouldn't be necessary to rush.Today I read some interesting stuff about SPA, or Single Packet Authentication, to protect SOA resources published on the web. I must say that it's a nice way to avoid too much attention on them. It would be nice to see this being integrated into frameworks.