undefined | Better HN

0 pointsdugite-code6mo ago0 comments

IMHO Fial2ban, just like port knocking, isn't cargo cult security. They are a single tool that can be included in a general system security arsenal, not the only tool you should use but one of a suite of tools that can be used depending on what you want to achieve.

Personally I use fwknop for port knocking as it doesn't suffer from replay attacks as it's an encrypted packet. But still serves the same niche

0 comments

akerl_6mo ago

The point being made is that unless "what you want to achieve" is "run a tool that isn't improving your security posture", port knocking isn't providing value to the security model.

Hence the cargo cult.

dugite-codeOP6mo ago

I can't agree that it's "a tool that isn't improving your security posture", if it's a layer on top of other tools, you might argue it's effectiveness isn't great but to say it's effectively nothing is a reach.

akerl_6mo ago

It’s not nothing: it’s one more thing that can break or eat resources or have a vuln. And it’s not improving the thread model. It’s net negative.

DaSHacka6mo ago

How is it not improving the threat model to not have a service directly connected to the internet, but instead put behind a layer of protection?

j / k navigate · click thread line to collapse

0 comments

akerl_6mo ago

The point being made is that unless "what you want to achieve" is "run a tool that isn't improving your security posture", port knocking isn't providing value to the security model.

Hence the cargo cult.

dugite-codeOP6mo ago

akerl_6mo ago

It’s not nothing: it’s one more thing that can break or eat resources or have a vuln. And it’s not improving the thread model. It’s net negative.

DaSHacka6mo ago

How is it not improving the threat model to not have a service directly connected to the internet, but instead put behind a layer of protection?

j / k navigate · click thread line to collapse