You Can Hide So SOA Won't Run

Single Packet Authorization is an ultra-secure variation on port knocking. This security technique may be the best way to make your SOA services invisible to all but authorized clients.

Wed, August 06, 2008CIO As stated in my previous blog entry, one of the best ways to secure SOA services is to hide them behind a port knocking firewall. Port knocking makes your system appear as if it offers no services at all. Any cracker who comes a-knocking' will either conclude that nobody is home, or that your administrators are smart enough to make access so difficult it's not worth the trouble to try to break in.

There is an even better way to hide your SOA services so they appear invisible to anyone except legitimate clients. It's a variation on port knocking called Single Packet Authorization. As a variant, Single Packet Authorization shares one of the best features of port knocking. It allows you to configure your servers to appear as if it offers no services, hence, nothing to be cracked. It only makes services visible to legitimate clients after they prove that they are authorized to access them.

Single Packet Authorization is pretty simple in concept. A legitimate client—say, your SOA client software—wraps up key authorization information into a single encrypted message. The client sends the message to your protected server. The server appears to reject the message. Behind the scenes, however, it decrypts the message, verifies that it is legitimate and then opens up access to the client for a short period of time (perhaps 30 seconds). Your client establishes a connection to the SOA services and proceeds to do its work. The connection will persist so that your SOA components continue to work even after the 30- second window closes.

Here are a couple reasons why single packet authorization is superior to port knocking alone. As you may recall, port knocking works like a combination lock. When a cracker tries to dial any given number on the combination lock, it will fail, and your server will continue to appear as if it doesn't even have any services to protect. But when a legitimate client dials in the right combination, your server will open up SOA access to that client, and to that client only.

While the likelihood of anyone cracking the combination is negligible, it is nevertheless possible. The good news is that crackers won't do it by chance. They have better odds of winning the lottery. But a highly skilled and persistent cracker with the right equipment in the right location on the network might be able to guess that you are using port knocking and then "look over your shoulder" to discover the sequence as you dial in the combination. Unlike port knocking alone, single packet authorization is nearly impossible to crack, even if you have the best sniffer connected to an ideal location in the network.

Loading...
Security MarketSpace
White Papers
5 Tips for Data Loss Prevention Solutions
RSA® The Security Division of EMC has identified 5 key considerations to help organizations simplify the evaluation process for selecting a DLP solution that is right for their business. Learn more »
Secure Training Videos to Prevent Theft
Learn how Dream Force extended their marketing reach without being constricted. Learn more »
Prevent Intellectual Property Theft
Learn what the key components were in Hock International's purchasing decision. Learn more »
Webcasts
Managing Client Systems in the Enterprise
Why Data Loss is Increasing--and What You Can Do About It
Maximizing the Business Value of the PC Infrastructure
Reduced IT budgets have CIOs hunting for ways to maximize their PC infrastructure, while saving money and IT staff time. Diane Bryant, CIO of Intel Corp., talks with CIO magazine's Gary Beach about how her organization is addressing these challenges. Learn more »
 
SPONSORED LINKS
 

Data Loss Prevention: A Better Way to Approach Security

Software Executives: Take Control of Your Organization's Code Quality

Delivering Secure and Reliable Data through Spreadsheet Automation

Taking the Service Desk to the Next Level

Why Data Loss is Increasing--and What You Can Do About It

Communications and Collaboration Needs at Business Organizations

Using Open Source to Deploy Web Applications

Mid-Sized Company CIO Community: infoBOOM!

Enterprise PBX Comparison Guide

Getting Value from Outdated Networking Equipment

Accenture IT Consulting: Logical meets technological. More . . .

White Paper: 8 Key Ingredients to Building an Internal Cloud

Read about virtualization and consolidation effort best practices

Building the Virtualized Enterprise with VMware Infrastructure

Top 10 Business and IT Drivers for the Wealth Management Sector

Bottom-Line Benefits of Virtualization

White Paper: The Building Blocks for Cloud Computing

Oracle's Application Grid Technical Demo

Next-Generation Application Servers and Infrastructure

Application Infrastructure at Enterprise Organizations

Achieving Business Agility with Application Grid

Learn about The Information Technology Infrastructure Library.

Achieving Pervasive Performance Management

Gartner Shares Predictions for 2009

64-page prescriptive guide to security, compliance, and IT operations.

Stop Application Fraud at the Source with Device Reputation

Ready to Act: 3 Recommendations for Agile Processes

Automating the Generation and Secure Distribution of Excel Reports

Seven Ways ITIL Can Help You in an Economic Downturn

Maximizing the Business Value of the PC Infrastructure

Learn how to managing client systems in the enterprise.

Cloud Computing: Read about VMware's compelling vision & set of products

Enterprise PBX Buyer's Guide

Secondary Market Primer: Your Network at Half Price

Top-line Performance that's Bottom-line Efficient

Accenture: Outsourcing for uncertain times. Click to learn more.

Learn about the VMware vSphere (TM) & Intel (R) Xeon (R) Processor 5500 Series

Learn how a virtualized enterprise can help your company reduce costs

Why Isn't Server Virtualization Saving Us More?

8 Key Ingredients to Building an Internal Cloud

Data Center Optimization: Three Key Strategies

A CIO Executive Guide: Cloud Computing Looms Big on the Horizon

Oracle WebLogic Server Technical Demo

Data Grids and Service-Oriented Architecture

Achieving the Impossible: Unlimited Application Scalability

A Middleware Foundation for Application Grid

Tips for successful virtualization management.

Smart Decisions: The Role of Key Performance Indicators

Reduce risk, gain agility. See how Progress can help your business.

Improve ROI, lower TCO and reduce energy consumption.

 
 
RESOURCE CENTER
 
buy a link »
Ads by TechWords