[chanalku91]

A few days ago I received a message from SkyLake-X7 that filled the message
RSA security will not be enough to make your server safe!
So Use Port Knocking!

I Ask What Is Port Knocking?
And how does it work? What are the benefits after I install it?

For You => I'm not satisfied if I haven't got a definite answer!

[youssefbasha]

Umm, what is SkyLake-X7?
And how they knew something about ur security?

[chanalku91]

Umm, what is SkyLake-X7?
And how they knew something about ur security?

SkyLake - X7 is a secret Team of Indonesian Origin Hackers That Currently Only Brought Cyber Criminals!

They know about my security because they use special software to find bug / error in the server operating system!

They did not tell me how their software worked

[Manal]

"In computer networking, port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of prespecified closed ports." - Wikipedia

So as far as I can understand, it is not any software or package but a method to remotely open a closed port by exploiting the firewall.

[Mashiro]

I don't really have anything to add to this. @Manal has already posted a very easy explanation from Wikipedia. Not much to add imho. A bit more background information is probably that for this process a special service is necessary that listens to what happens on the network of your VPS to identify the knocking and modify the firewall to open the SSH port once the right ports have been knocked.

A few tutorials:
- https://www.linuxbabe.com/security/secur...ian-ubuntu
- https://tecadmin.net/secure-ssh-connecti...ing-linux/

And for once actually read the tutorial fully and carefully or you will simply fail at an instant and lock yourself out. If you plan on setting this up you have to set it up from a emergency console because your SSH port will obviously be closed during the guide and will only open later on when you start knocking the ports.

Keep your server up to date. Use SSH public key authentication only and use a passphrase on your keys.

[rudra]

I don't think port knocking in itself is a great security enhancement. People can find out your sequence easily if they can intercept your traffic. So you need an independent second channel or some other way to vary the sequence. I would rather use ssh with security certificates than this blasted thing.

Also your security depends on a lot of trust, explicit and implicit, between a lot of parties. Cause in modern computers so many things work together that it is impossible for one man or a single group to keep tab on everything. from the firmware routine/small control/watchdog os always there running on its own processor inside your processor to your bios/boot up routine to OS core codes and drivers to various programming environments and coexisting softwares, it is a lot of code working together at various steps. I so hope this vision will help people understand how fragile this security really is. But it never does.

And they end up thinking that using port knocking is gonna improve it a lot.

[chanalku91]

I don't think port knocking in itself is a great security enhancement. People can find out your sequence easily if they can intercept your traffic. So you need an independent second channel or some other way to vary the sequence. I would rather use ssh with security certificates than this blasted thing.

Also your security depends on a lot of trust, explicit and implicit, between a lot of parties. Cause in modern computers so many things work together that it is impossible for one man or a single group to keep tab on everything. from the firmware routine/small control/watchdog os always there running on its own processor inside your processor to your bios/boot up routine to OS core codes and drivers to various programming environments and coexisting softwares, it is a lot of code working together at various steps. I so hope this vision will help people understand how fragile this security really is. But it never does.

And they end up thinking that using port knocking is gonna improve it a lot.

I've been expecting it !
I have prepared more defense on my server!
Install PrivateKey ED25519, Using Two-factor Authentication, Even You Must Guess Your Username On My Server Because User Root Doesn't Allow To Enter

[Mashiro]

The Intel Management Engine is a hidden fully blown OS stack on ring -2 inside all Intel CPUs. It operates on an entirely different level. The BIOS/EFI/UEFI nor your normal OS knows of its existence and isn't able to control it (other than firmware updates for it). It even operates when your computer is shutdown. What does it do? It takes care of a lot of low level tasks that you don't even know about in the background and also security stuff. The thing is that this hidden OS has full access to the BIOS/EF/UEFI and your OS and can do whatever it simply wants... without your OS or you knowing about it. It has more access THAN YOU DO!

The worst to come is that it has security holes that allow to gain access to it and perform remote code execution even when your PC is turned off (of course still needs to be connect to power and is connected to the network). So all your OS security is absolutely worthless... thanks to this backdoor that you can't control (well, if you use its security holes you can) normally. Isn't that great?

And should we talk about the security holes that are hardware based? Like all this issues with CPUs? The x86 CPU architecture is quite like a swiss cheese.

https://www.youtube.com/watch?v=aFs9Yu2QQcg
https://www.youtube.com/watch?v=JMEJCLX2dtw
https://www.youtube.com/watch?v=W3FbTMqYi4U
https://www.youtube.com/watch?v=ubmKdOMRhLk

The legend: https://www.youtube.com/watch?v=KrksBdWcZgQ

[chanalku91]

The Intel Management Engine is a hidden fully blown OS stack on ring -2 inside all Intel CPUs. It operates on an entirely different level. The BIOS/EFI/UEFI nor your normal OS knows of its existence and isn't able to control it (other than firmware updates for it). It even operates when your computer is shutdown. What does it do? It takes care of a lot of low level tasks that you don't even know about in the background and also security stuff. The thing is that this hidden OS has full access to the BIOS/EF/UEFI and your OS and can do whatever it simply wants... without your OS or you knowing about it. It has more access THAN YOU DO!

The worst to come is that it has security holes that allow to gain access to it and perform remote code execution even when your PC is turned off (of course still needs to be connect to power and is connected to the network). So all your OS security is absolutely worthless... thanks to this backdoor that you can't control (well, if you use its security holes you can) normally. Isn't that great?

And should we talk about the security holes that are hardware based? Like all this issues with CPUs? The x86 CPU architecture is quite like a swiss cheese.

https://www.youtube.com/watch?v=aFs9Yu2QQcg
https://www.youtube.com/watch?v=JMEJCLX2dtw
https://www.youtube.com/watch?v=W3FbTMqYi4U
https://www.youtube.com/watch?v=ubmKdOMRhLk

The legend: https://www.youtube.com/watch?v=KrksBdWcZgQ

I have used the latest handware!
So I don't mind this!
But a worse possibility will occur!

[Mashiro]

I have used the latest handware!
So I don't mind this!

"Good" for you.

The latest hardware is still full of serious issues that are far from fixed. Especially Intel is currently not able to get a handle on their situation. Security researchers keep discovering new and new security hardware issues even on their newest CPUs. AMD has it better... but we all know that the server market is strongly dominated by Intel.

And the Intel ME (and the AMD part of this software) might still have some serious undiscovered holes. The old holes aren't even patched everywhere because Intel doesn't provide patches for all of their CPUs.