I already mentioned how I like stuff like port knocking. It can't be used as replacement for other security measures, but it's a nice way to keep important stuff out of radar. Imagine if you had some SSH daemons remotely accessible when that OpenSSL PRNG crisis started. I saw lots of admins running to replace flawed keys for servers because of that. If those daemons were hidden behind some portknocking stuff, it wouldn't be necessary to rush.Today I read some interesting stuff about SPA, or Single Packet Authentication, to protect SOA resources published on the web. I must say that it's a nice way to avoid too much attention on them. It would be nice to see this being integrated into frameworks.
Portknocking, SPA and SOA
Portknocking, SPA and SOA
Portknocking, SPA and SOA
I already mentioned how I like stuff like port knocking. It can't be used as replacement for other security measures, but it's a nice way to keep important stuff out of radar. Imagine if you had some SSH daemons remotely accessible when that OpenSSL PRNG crisis started. I saw lots of admins running to replace flawed keys for servers because of that. If those daemons were hidden behind some portknocking stuff, it wouldn't be necessary to rush.Today I read some interesting stuff about SPA, or Single Packet Authentication, to protect SOA resources published on the web. I must say that it's a nice way to avoid too much attention on them. It would be nice to see this being integrated into frameworks.