Fwknop and single packet authorization


 
05-20-2008

Tue, 20 May 2008 08:00:00 GMT
Protecting servers by placing them behind a firewall is a best-practice methodology for systems administrators, but it's not a panacea: those systems are still visible to network scanners such as nmap and nessus. While services like SMTP and HTTP may need to be accessible to the public, most enterprises also have private internal servers that require external access by traveling support staff. For those users, fwknop, an open source utility that provides single packet authorization, can help sysadmins hide their servers from network nasties.


gss_auth_rules(5)        Standards, Environments, and Macros        gss_auth_rules(5)

NAME
     gss_auth_rules - overview of GSS authorization

DESCRIPTION
     The establishment of the veracity of a user's credentials requires both
     authentication (Is this an authentic user?) and authorization (Is this
     authentic user, in fact, authorized?).

     When a user makes use of Generic Security Services (GSS) versions of the
     ftp or ssh clients to connect to a server, the user is not necessarily
     authorized, even if his claimed GSS identity is authenticated.
     Authentication merely establishes that the user is who he says he is to
     the GSS mechanism's authentication system. Authorization is then
     required: it determines whether the GSS identity is permitted to access
     the specified Solaris user account.

     The GSS authorization rules are as follows:

     o  If the mechanism of the connection has a set of authorization rules,
        then use those rules. For example, if the mechanism is Kerberos, then
        use the krb5_auth_rules(5), so that authorization is consistent
        between raw Kerberos applications and GSS/Kerberos applications.

     o  If the mechanism of the connection does not have a set of
        authorization rules, then authorization is successful if the remote
        user's gssname matches the local user's gssname exactly, as compared
        by gss_compare_name(3GSS).

FILES
     /etc/passwd    System account file. This information may also be in a
                    directory service. See passwd(4).

ATTRIBUTES
     See attributes(5) for a description of the following attributes:

     +-----------------------------+-----------------------------+
     |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
     +-----------------------------+-----------------------------+
     |Interface Stability          |Evolving                     |
     +-----------------------------+-----------------------------+

SEE ALSO
     ftp(1), ssh(1), gsscred(1M), gss_compare_name(3GSS), passwd(4),
     attributes(5), krb5_auth_rules(5)

SunOS 5.10                        13 Apr 2004                gss_auth_rules(5)