Friday, November 10, 2006

Another Firefox plugin idea.

I love Internet Security. I love reading about it and thinking about it. There's a technology that's been on the horizon for a couple of years that hasn't picked up steam, called "Port Knocking" (http://www.portknocking.org/).

I like to be able to connect to my systems at home via SSH, but opening firewall ports can create a headache. Like the time I got 30,000 emails to my mindspring email account b/c I was getting ping attacks from China. Yes, that's correct, 30,000. I couldn't login to my webmail nor send/receive. So I had to hurriedly connect via POP and download/delete the whole batch of messages saying "ALERT: Connection Attempt Failed..."

Back to port knocking...

So having a firewall with SSH open to the public makes me uneasy. What can be done to mitigate this? Well, closing all SSH to the public is an option, but then that means I can't grab a file or do something I want from anywhere.

A solution idea: blend port-knocking and SSL to make a dynamic firewall that appears like a blackhole to requests unless a special and specific request is made. Then the firewall opens the desired ports to that IP address alone for a short period. Initially I thought a port knocking Firefox plugin would be cool. Install it and it remembers port-knock sequences for you; just bring up the target server and it will negotiate and get you in. But now I think combining a port knock sequence with a client certificate or some sort of PKI message would offer very good security and make it hard to watch port knocks and copy them. I'll keep thinking.
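As an added example (not code from this post), here is the core of the idea above in simulation: a knock that an eavesdropper cannot simply watch and replay, because it carries an HMAC over the client IP, requested port, timestamp and a nonce, and a daemon that opens the port to that IP alone for a short period. It uses a shared secret instead of the client certificate the post suggests; the secret, IPs and timestamps are constructed, and reading real UDP packets and programming the firewall are left out.

```python
import hashlib, hmac, os

# Constructed demo values: a real deployment would use a per-client key, not one shared secret.
SECRET = b"constructed-demo-shared-secret"
WINDOW = 30     # seconds a knock's timestamp is accepted as fresh
OPEN_FOR = 60   # seconds the firewall hole stays open to the knocking IP only

def knock_message(ip, port, ts, nonce):
    return f"{ip}|{port}|{ts}|{nonce}".encode()

def make_knock(secret, client_ip, port, now, nonce=None):
    """Client side: one authenticated knock bound to source IP, port, time and a nonce."""
    nonce = nonce or os.urandom(8).hex()
    tag = hmac.new(secret, knock_message(client_ip, port, int(now), nonce), hashlib.sha256).hexdigest()
    return {"ip": client_ip, "port": port, "ts": int(now), "nonce": nonce, "tag": tag}

class KnockDaemon:
    """Server side: a replay-resistant knock listener driving a per-IP firewall allow list."""
    def __init__(self, secret):
        self.secret = secret
        self.seen = {}    # nonce -> expiry, so a captured knock cannot be played back
        self.allow = {}   # (ip, port) -> expiry of the temporary firewall hole

    def handle(self, knock, src_ip, now):
        """Return a verdict; only 'opened' changes firewall state."""
        self.seen = {n: e for n, e in self.seen.items() if e > now}   # expire old nonces
        msg = knock_message(knock["ip"], knock["port"], knock["ts"], knock["nonce"])
        expected = hmac.new(self.secret, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, knock["tag"]):
            return "rejected: bad tag"          # forged or modified knock
        if knock["ip"] != src_ip:
            return "rejected: source mismatch"  # knock copied and sent from another host
        if abs(now - knock["ts"]) > WINDOW:
            return "rejected: stale"            # captured long ago and replayed
        if knock["nonce"] in self.seen:
            return "rejected: replay"           # same knock played back inside the window
        self.seen[knock["nonce"]] = now + WINDOW
        self.allow[(src_ip, knock["port"])] = now + OPEN_FOR
        return "opened"

    def is_open(self, ip, port, now):
        return self.allow.get((ip, port), 0) > now

if __name__ == "__main__":
    d, t = KnockDaemon(SECRET), 1_700_000_000
    k = make_knock(SECRET, "203.0.113.7", 22, t)
    print(d.handle(k, "203.0.113.7", t + 1))     # opened
    print(d.handle(k, "203.0.113.7", t + 2))     # rejected: replay
    print(d.handle(k, "198.51.100.9", t + 3))    # rejected: source mismatch
    print(d.is_open("203.0.113.7", 22, t + 30), d.is_open("203.0.113.7", 22, t + 100))  # True False
```

A plain knock sequence has none of these checks, which is why anyone watching the wire can copy it; here the same captured packet fails on replay, on a different source address, and once its timestamp ages out.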
