CompTIA Security+ Exam Notes

CompTIA Security+ Exam Notes
Let Us Help You Pass
Showing posts with label Network Security. Show all posts
Showing posts with label Network Security. Show all posts

Saturday, December 7, 2024

Port Knocking: A Stealthy Approach to Secure Network Access

 Port Knocking

Port knocking is a network security technique where a user gains access to a specific port on a server by sending a predefined sequence of connection attempts to a set of closed ports on the system, essentially "knocking" on the correct ports in the right order, which then triggers the firewall to open the desired port for communication, effectively hiding the accessible ports from unauthorized users by making them appear closed during a standard port scan; this provides an extra layer of security by only allowing access to those who know the exact "knock" sequence.

How it works:

  • Closed Ports: The system initially has all the intended access ports configured as closed on the firewall.
  • Knock Sequence: A specific sequence of connection attempts to different closed ports is defined as the "knock."
  • Monitoring Firewall Logs: A dedicated daemon on the server monitors the firewall logs for the correct sequence of connection attempts.
  • Access Granted: Once the correct sequence is detected, the firewall rules are dynamically updated to open the desired port for the originating IP address, allowing access for a specified duration.

Benefits of Port Knocking:

  • Reduces Port Scanning Detection: Since no open ports are visible during a standard port scan, attackers are less likely to identify potential vulnerabilities.
  • Enhanced Security: The system requires a specific "knock" sequence, so only authorized users with the correct knowledge can access it.
  • Stealthy Access: The protected ports remain hidden from unauthorized users, making it harder to target them.

Key Points to Consider:

  • Complexity: Implementing port knocking can be complex and requires careful configuration to avoid accidental lockouts.
  • Limited Protection: While effective against basic port scans, advanced attackers may still be able to identify and exploit a port-knocking system through more sophisticated techniques.
  • Man-in-the-Middle Attack Vulnerability: A potential risk is a man-in-the-middle attack, in which an attacker intercepts the "knock" sequence and gains unauthorized access.
This is covered in Pentest+.

Posted by at No comments:
Labels: , , , , , , , , ,

Thursday, October 17, 2024

Understanding SNMP Community Strings: A Key to Network Security

 SNMP Community String

An SNMP community string is a password that allows devices to communicate with each other and access a device's statistics:

  • Purpose: A security password that controls access to a device's statistics
  • How it works: A user sends the community string along with a GET request to access a device's statistics
  • Types: There are three types of community strings: read-only, read-write, and trap
  • Use: SNMP community strings are used by devices that support SNMPv1 and SNMPv2c
  • Default: Most devices have a default community string, often set to "public."
  • Importance: It's essential to change the default community string to maintain device and network security
SNMPv3 provides network security. All three provide device communication.

During device setup, network managers typically change the default community string to a customized value. If the user has read/write/all access authority, the community string can be set using CLI or modified through Enterprise Device Manager (EDM).

Posted by at No comments:
Labels: , , , , ,
Subscribe to: Posts (Atom)