Web application
There are various options for protecting your web application using Knocknoc
- Local Linux firewall orchestration on the host (eg:
usingusing IPSets) - In-line firewall/control device orchestration (Fortigate, etc), via an adjacent Knocknoc Agent deployment
- HAproxy can sit in front of the web application(s) and forward authorised
traffictraffic - Public cloud orchestration (AWS, Azure)
One major advantage of Knocknoc particularly for legacy web applications without single-sign-on or where shared passwords are forced (eg: ICS/OT network equipment, embedded systems, soho routers etc) is that SSO and MFA are quickly added to these back-ends without change.
If you have an embedded web server that only supports a single username/password, this can remain static and not be known to the connecting users. Only after the users have logged in to the IdP and conducted MFA or other policies, are they able to access the web application or service, providing you full user-level attribution and protecting the static credentials which remain unknown to the users within your configuration.
Additional token security can be added to further restrict access beyond the connecting users IP address.
Talk to us about your needs as we have likely implemented it for other customers.