The “Firewall Knock Operator Library” (libfko) is a C language library that implements the functions needed to create and/or parse Single Packet Authorization (SPA) data. It is designed to abstract the details of encoding, encryption, decoding, parsing, and verifying SPA messages such as those used by Michael Rash’s Firewall Knock Operator (fwknop).
fwknop implements SPA, an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through an iptables policy and/or specific commands to execute on the target system. The main application for a program of this type is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult.
libfko is not an implementation of an fwknop client or server. It simply provides the functions for managing the SPA data used by those programs.
For more information on fwknop and SPA, go to http://www.cipherdyne.org/fwknop.
• Getting Started: Purpose of the manual, and how to use it
• Features: Reasons to install and use libfko
• Overview: Basic architecture of the libfko library