Port knocking / Saadiah Yahya and Mohamed Sulaiman Sultan Suhaibuddeen

Yahya, Saadiah and Sultan Suhaibuddeen, Mohamed Sulaiman (2006) Port knocking / Saadiah Yahya and Mohamed Sulaiman Sultan Suhaibuddeen. In: Volume No. 1: Science and Technology, 30 – 31 May 2006, Swiss Garden Resort & Spa Kuantan, Pahang.

Abstract

Around the globe, network administrators are challenged to balance flexibility and security when designing and maintaining their network infrastructure. Firewalls are a long-standing basic security measure that organizations use to isolate networks from the Internet. Whether it is a stand-alone appliance firewall such as CheckPoint, one of the various host-based systems such as ZoneAlarm, or the Windows Firewall included with Windows XP Service Pack 2, these devices go a long way toward protecting networks from unwanted traffic, including viruses, Trojans, and hackers. A firewall should provide some form of shield against malicious actors by adding an extra layer of network security that lets trusted and authorized users connect through. Unfortunately, it is not as easy as it sounds: it is a hard task to devise a mechanism that distinguishes the bad guys, because filtering on the basis of IP addresses and ports does not differentiate the users behind a connection. Bad guys can and do come from trusted IP addresses. At the same time, open ports remain a well-known exposure. Building very secure rule sets and policies alone appears insufficient. Port knocking, a method of establishing a connection to a secured network, or to a computer within a network, that has no open port, is the answer. A remote device sends a series of connection attempts, in the form of packets, to the computer's closed ports; the attempts are silently ignored but logged by the firewall. When the remote device has completed the predetermined sequence of port connection attempts, a daemon triggers a port to open and the network connection is established. An advantage of the port knocking technique is that a malicious hacker cannot detect whether a device is listening for port knocks.
Port knocking alone is not sufficient to protect a high-security site; combining it with another technology called Wake-On-LAN (WOL) should therefore strengthen the outcome. This research investigates port knocking technology on the protected system and determines whether the interaction between Wake-On-LAN and port knocking can offer a better, synergized security system. It explores the effectiveness and practicality of adding another layer of protection on the firewall for a server in the DMZ area using this method, and more broadly measures the performance and resource-usage impact on the server involved in the study. This includes investigating how the firewall can be given the intelligence to avoid log-rotation issues, how it can tell whether the server is already awake or idle, and how it knows the correct time to drop all remote connections to the server and subsequently suspend it.
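The mechanism the two paragraphs above describe, as an added example that is not code from the paper (the authors' implementation is not reproduced on this page): a knock daemon reads the firewall's log of hits on closed ports, keeps a per-source state machine for the secret sequence, and reports when a source completes it; the second half builds the Wake-On-LAN magic packet that the paper's combined scheme would send to wake a suspended DMZ server. The knock sequence 7000/8000/9000, the ten-second window, the service port 22, the server MAC and the log lines are all constructed assumptions for this example; the magic-packet layout (six 0xFF bytes followed by the target MAC repeated sixteen times, broadcast over UDP) is the standard WOL format.

```python
import re
import socket

# Hypothetical parameters (assumptions for this example, not values from the paper):
# the secret knock sequence, the window in which it must complete, and the service
# port the daemon would open once a source completes the sequence.
KNOCK_SEQUENCE = (7000, 8000, 9000)
KNOCK_WINDOW = 10.0   # seconds
SERVICE_PORT = 22

# Constructed firewall log lines in an iptables-LOG-like layout with an epoch timestamp
# prepended; made up for this example, not taken from the paper. 203.0.113.10 completes
# the sequence, 198.51.100.7 knocks a wrong port in the middle, and 192.0.2.99 lets the
# window expire between knocks.
SAMPLE_LOG = """\
1000.0 KNOCK IN=eth0 SRC=203.0.113.10 DST=192.0.2.5 PROTO=TCP DPT=7000
1001.0 KNOCK IN=eth0 SRC=203.0.113.10 DST=192.0.2.5 PROTO=TCP DPT=8000
1002.0 KNOCK IN=eth0 SRC=203.0.113.10 DST=192.0.2.5 PROTO=TCP DPT=9000
1003.0 KNOCK IN=eth0 SRC=198.51.100.7 DST=192.0.2.5 PROTO=TCP DPT=7000
1004.0 KNOCK IN=eth0 SRC=198.51.100.7 DST=192.0.2.5 PROTO=TCP DPT=8001
1005.0 KNOCK IN=eth0 SRC=198.51.100.7 DST=192.0.2.5 PROTO=TCP DPT=9000
1010.0 KNOCK IN=eth0 SRC=192.0.2.99 DST=192.0.2.5 PROTO=TCP DPT=7000
1025.0 KNOCK IN=eth0 SRC=192.0.2.99 DST=192.0.2.5 PROTO=TCP DPT=8000
1026.0 KNOCK IN=eth0 SRC=192.0.2.99 DST=192.0.2.5 PROTO=TCP DPT=9000
"""

LOG_RE = re.compile(r"^(?P<ts>\d+(?:\.\d+)?) .*\bSRC=(?P<src>[\d.]+) .*\bDPT=(?P<dpt>\d+)")


class KnockTracker:
    """Per-source state machine: which knock each source is expected to send next."""

    def __init__(self, sequence, window):
        self.sequence = tuple(sequence)
        self.window = window
        self.progress = {}   # src -> (index of next expected knock, time of first knock)

    def observe(self, src, dport, ts):
        """Feed one logged hit on a closed port; return True when src completes the sequence."""
        idx, start = self.progress.get(src, (0, ts))
        if idx and ts - start > self.window:
            idx = 0                      # partial sequence went stale: start over
        if dport != self.sequence[idx]:
            idx = 0                      # a wrong port resets the sequence ...
        if dport == self.sequence[idx]:  # ... but may itself be a valid first knock
            if idx == 0:
                start = ts
            idx += 1
        if idx == len(self.sequence):
            self.progress.pop(src, None)
            return True
        if idx:
            self.progress[src] = (idx, start)
        else:
            self.progress.pop(src, None)
        return False


def process_log(lines, tracker):
    """Run the tracker over log lines; return (src, ts) for each completed sequence."""
    completed = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        src, dport, ts = m.group("src"), int(m.group("dpt")), float(m.group("ts"))
        if tracker.observe(src, dport, ts):
            completed.append((src, ts))
    return completed


def magic_packet(mac):
    """Wake-On-LAN magic packet: six 0xFF bytes followed by the target MAC repeated 16 times."""
    mac_bytes = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return b"\xff" * 6 + mac_bytes * 16


def send_wol(mac, broadcast="255.255.255.255", port=9):
    """Broadcast the magic packet on the LAN (UDP port 9 is the conventional choice)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(magic_packet(mac), (broadcast, port))


if __name__ == "__main__":
    tracker = KnockTracker(KNOCK_SEQUENCE, KNOCK_WINDOW)
    for src, ts in process_log(SAMPLE_LOG.splitlines(), tracker):
        # A real daemon would insert a firewall rule admitting src to SERVICE_PORT here
        # and, in the paper's combined scheme, wake the DMZ server if it is suspended:
        # send_wol("00:11:22:33:44:55")   # hypothetical server MAC
        print(f"{src} completed the knock sequence at t={ts}: open port {SERVICE_PORT} for it")
```

The tracker is the "silently ignored but logged" behaviour read back from the log: the firewall drops every knock, and only the log consumer knows the sequence, so a scanner sees each knock port as closed like any other. Two caveats a practitioner would add. First, a sequential scan fails to complete the ascending sequence only because a wrong port resets the state, so the sequence and the reset rule have to be chosen together. Second, the sequence is a static shared secret sent in the clear; anyone who can observe the legitimate client's traffic can replay it, so the "cannot detect" advantage claimed in the abstract holds against probing the listener, not against an observer on the path.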

Metadata

Item Type: Conference or Workshop Item (Paper)
Creators: Yahya, Saadiah (saadiah@tmsk.uitm.edu.my); Sultan Suhaibuddeen, Mohamed Sulaiman (mohamedsulaiman@gmail.com)
Subjects: T Technology > TK Electrical engineering. Electronics. Nuclear engineering > Telecommunication > Web servers. Internet
Divisions: Universiti Teknologi MARA, Pahang > Jengka Campus
Journal or Publication Title: Proceedings Of The National Seminar On Science, Technology And Social Sciences
Event Title: Volume No. 1: Science and Technology
Event Dates: 30 – 31 May 2006
Page Range: pp. 91-96
Keywords: Port knocking, Wake-On-LAN, DMZ and firewall
Date: 2006
URI: https://ir.uitm.edu.my/id/eprint/81194

Download: 81194.PDF (text, 3MB)

ID Number: 81194
