Hi Shawn. port knocking will only delay a pro for a few hours at best, than they will authenticate and get the data. Not very useful in your case. Having mentioned the end users using laptops, this brings up a big (commy) red flag. What if the laptop is allready stolen ??, browser caches checked, data and passwords taken. Using a vpn with a single-use-password system combined with a fully encrypted filesystem on the laptops would be a far better solution than monkeying around with port knocking and whatnot.
Cheers Szemir On January 11, 2005 02:09, Shawn wrote: > Hoping someone can help me out. > > A client has a web application that they want to make accessible to their > employees via the web (of course). The catch is that the app has critical > business data that CANNOT become available to script kiddies and/or the > competition. (There is a login routine, via the database, but I don't > trust that on it's own with this data). > > So, the options as I see them are to use a VPN solution only, bring in an > SSL certificate and use HTTPS (though this doesn't really stop the script > kiddies - just sniffers), or maybe use port knocking. > > When I explained port knocking, the client seemed rather keen (even though > I told him it's a relatively new technology). The questions I have to find > out now is what it would take to get this set up, in such a way that field > users can connect via their laptops. Does anyone have any experience with > Port Knocking? I know enough to know what it is, but that's about it. > > Or would this situation be best suited to a VPN? > > Thanks for any input. > > Shawn > > _______________________________________________ > clug-talk mailing list > [email protected] > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > **Please remove these lines when replying _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
