Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 14 replies
  • Subscribers 3 subscribers
  • Views 4910 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Port Knocking or Single Packet Authentication

BarryG
Does anyone have Port-Knocking or SPA setup on their firewall?

I'm going to be traveling and it is unlikely that I'll be able to use my laptop or bootable media (USB keys or CDs) in the internet cafes.
I'm speaking from experience; the cafes where I'm going are very strict due to government policy.

Since I don't trust the PCs in the cafes not to have key loggers, etc., I am hesitant to access my webmail without some extra protection.

The SSL VPN client might help (although it still suffers if there's a key logger), but I'm not running v7 and my understanding is admin privs on the client PC are needed to install the SSL VPN client anyways.

I've also looked at setting up OPIE or another one-time-pad system on the webmail server, but it doesn't appear to be straightforward.

Port knocking looks to be the simplest to setup.

Thanks,
Barry


This thread was automatically locked due to age.
  • 0 in reply to BrucekConvergent
    To answer your question, yes the Astaro secure client can integrate with smart card or token products.  On the Astaro end, you would use the RADIUS authentication module to connect with a token server.


    Does Astaro support using local AND radius authentication?
    e.g. does the local admin or other local accounts still work if you have a radius server enabled?

    Incidentally, I may be getting a RSA token soon, and I _might_ be able to connect to the company server.

    Thanks,
    Barry
  • 0 in reply to BarryG
    You can use multiple authentications methods, just make sure the query order (Users > Authentication > Advanced tab) makes sense- generally the most commonly used methods first.
  • 0 in reply to Jack Daniel
    What Jack said.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    Can I have local auth, plus a radius server which is across a site-to-site vpn connection?
    If the vpn goes down, local logins should still work, right?

    Thanks,
    Barry