Security

Use the Fire.rb library to write port knocking scripts in Ruby

Those of us who have been involved in network security professionally for a while should know something about port knocking. For those of you who aren't familiar with it, port knocking is a means of providing an extra layer of security via your firewall. The better firewalls are able to keep ports closed against outside attempts to connect unless a set of connections attempts are made to a predetermined list of ports in a specific order — or, at least, they provide the means of implementing port knocking through some additional utility.

In other words, port knocking is like a secret knock, where you knock on a door a certain number of times with some recognizable pauses between some of the individual knocks, producing a pattern that can be used to identify the person on the other side. This can help solve the problem of needing to allow connections to a commonly used port, such as port 22 for SSH, without just leaving the port open for any schmuck in the world to start bombarding it with connection attempts in a brute-force attack on your user passwords.

Not only does this help cut down on the likelihood that a user account that accepts remote connections can be compromised by a brute-force attempt to crack security, but it also eliminates a lot of opportunity for denial-of-service attacks because it will be more difficult for an attacker to find an open port to attack.

I'm not here today to tell you how to set up port knocking for your firewall using some network administrator tool such as The Doorman. This post is for the people writing their own code to enforce security procedures. In particular, this is for Ruby programmers who need (or want) to implement their own port knocking solution. As of September 20, version 1.0.0 of the Fire library has been released, and it makes writing code for port knocking solutions stunningly easy.

The whole thing is deceptively simple to use. To create a class containing the code necessary to validate a port knocking sequence and perform some task when that sequence is successfully supplied to your firewall system, you might write something like this:

  require 'fire' class PortButler < Porter

  def initialize(*arr)

  super(*arr)

  end

def rules(pkt)

  return true if pkt.to_s =~ /192.168.0.10/

  false

  end

def accept(pkt)

  puts "Success!" # do something

  end

  end

portal = PortButler.new(17, 2200, 77, 139)

The firewall configuration needed to make this work will, of course, vary from system to system, depending on the type of firewall you're using. It should be pretty obvious from the above example, though, that writing your port knocking management code is a breeze with the addition of Fire.rb to your security scripting repertoire.

If you're a Ruby programmer who hasn't looked into scripting security solutions for your systems before, this may nudge you in new and interesting directions. Give it a try, and see what you can learn while you do so.

If, on the other hand, you're an old hand at scripting security solutions for your firewalls, proxy servers, and other network resources, this may be worth pursuing as a means of making your job easier — and capturing your interest in learning the elegant little language that everyone's talking about as the Next Big Thing in Web development.

Let me know how it works out for you.

About Chad Perrin

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

Editor's Picks

Free Newsletters, In your Inbox