by notyourday
2621 days ago
The lame version of port knocking that solves 99.9% of issues:

1. The default policy for access to all of the development environment is deny all.
2. A developer triggers a temporary addition of the developer's current address to the allow list with an idle timer, punching a hole for the developer's edge IP to access the infrastructure.
3. When the idle timer expires or when the developer says "I'm done", the allow rule is removed.

Obviously, full-blown port knocking with keys and policies would be better for a large organization with hundreds of developers and hundreds of hosts, but it is the case where 99.9% of the issues can be solved using a very simple system, as in order to get to the vulnerable entry point the attacker would need to do it from an IP address used by a developer at that specific time.
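The three-step scheme above, as an added example that is not the commenter's code: a small allowlist manager that keeps one entry per developer edge IP with an idle timer and emits the iptables commands to apply. The chain name `DEV_ALLOW`, the 30-minute default idle timeout, and the sample addresses are constructed for illustration; the commands are returned as strings rather than executed, so the logic can be exercised offline, and addresses are normalised through `ipaddress` so nothing unvalidated reaches a shell.

```python
"""Temporary per-developer IP allowlist with an idle timer (default deny otherwise)."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

IDLE_SECONDS = 30 * 60  # constructed default: drop the hole after 30 idle minutes

# Step 1: default deny. Constructed bootstrap for a host protecting its dev services.
# Established flows stay open, new connections are checked against DEV_ALLOW, and
# anything that falls through hits the INPUT chain's DROP policy.
BOOTSTRAP = [
    "iptables -N DEV_ALLOW",
    "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    "iptables -A INPUT -j DEV_ALLOW",
    "iptables -P INPUT DROP",
]


@dataclass
class AllowEntry:
    developer: str
    address: str
    last_seen: float  # epoch seconds of the last punch/touch, drives the idle timer


@dataclass
class DevAllowlist:
    idle_seconds: int = IDLE_SECONDS
    entries: dict[str, AllowEntry] = field(default_factory=dict)

    @staticmethod
    def _normalise(address: str) -> str:
        # Raises ValueError on anything that is not a bare IP literal, so a rule
        # string can never carry stray shell or iptables syntax.
        return str(ipaddress.ip_address(address.strip()))

    def _remove_cmd(self, addr: str) -> str:
        return f"iptables -D DEV_ALLOW -s {addr} -j ACCEPT"

    def punch(self, developer: str, address: str, now: float) -> list[str]:
        """Step 2: add (or refresh) the developer's current edge IP.

        Returns the firewall commands to apply; an existing hole is only refreshed.
        """
        addr = self._normalise(address)
        if addr in self.entries:
            self.entries[addr].last_seen = now
            return []
        self.entries[addr] = AllowEntry(developer, addr, now)
        return [f"iptables -I DEV_ALLOW -s {addr} -j ACCEPT"]

    def touch(self, address: str, now: float) -> bool:
        """Reset the idle timer when traffic from an allowed address is observed."""
        addr = self._normalise(address)
        entry = self.entries.get(addr)
        if entry is None:
            return False
        entry.last_seen = now
        return True

    def done(self, address: str) -> list[str]:
        """Step 3a: developer says "I'm done"; tear the hole down immediately."""
        addr = self._normalise(address)
        if self.entries.pop(addr, None) is None:
            return []
        return [self._remove_cmd(addr)]

    def expire(self, now: float) -> list[str]:
        """Step 3b: idle timer expiry; call periodically (e.g. from cron)."""
        cmds = []
        for addr, entry in list(self.entries.items()):
            if now - entry.last_seen >= self.idle_seconds:
                del self.entries[addr]
                cmds.append(self._remove_cmd(addr))
        return cmds

    def is_allowed(self, address: str) -> bool:
        return self._normalise(address) in self.entries


if __name__ == "__main__":
    # Constructed walk-through using a documentation address.
    al = DevAllowlist(idle_seconds=600)
    print(al.punch("alice", "203.0.113.7", now=1000))   # one -I command
    print(al.expire(now=1500))                          # nothing yet
    print(al.expire(now=1700))                          # the -D command
```

In practice the `punch` call sits behind something authenticated (an SSO-protected web form or a VPN login hook) and `expire` runs from a timer; `touch` can be fed from connection logs so an active session is not cut off mid-work. The hole is still only as narrow as the developer's current source address, which is the property the comment relies on.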