
The non-standard port is of trivial value, but it's practically zero cost - that's why it's used. Port knocking doesn't have that benefit - you're establishing another secret that has to be maintained and accessed - but unlike key-based auth or passwords, that secret is insecure in transit and unwieldy to use.

If you want to add another layer and manage another secret - why not just add another layer of the lower-friction and more secure methods we already use to establish secret-based auth?



Which comes all the way around to: a VPN sounds like a better option in every respect. More secure, universally supported.

I think the main reason you'd use port knocking is because it's fun and cool.



