Recent Advances in Single Packet Authorization

Presented at HOPE Number Nine (2012), July 15, 2012, 10 a.m. (60 minutes).

Single Packet Authorization (SPA) is a security technology whereby vulnerable services are protected behind a default-drop packet filter and temporary client access is granted via passive means. This talk will present recent advances in the open source “fwknop” SPA project, including clients for Android and the iPhone, support for the PF firewall on OpenBSD, the ability to seamlessly integrate SPA into cloud computing environments with the new FORCE_NAT mode, and deploying fwknop on embedded systems with limited computing resources. In addition, some discussion will be devoted to other SPA implementations and the various tradeoffs that must be made by any project that provides either port knocking or SPA functionality.


Presenters:

  • Michael Rash
    Michael Rash is author of the book Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort, published by No Starch Press, and holds a master’s degree in applied mathematics with a concentration in computer security from the University of Maryland. He is a frequent speaker at computer security conferences, and is the founder of cipherdyne.org, an organization dedicated to open source security technologies. In his free time, Michael leads the development of the psad, fwsnort, and fwknop security projects.
