Advanced Search
Search Results
74 total results found
Documentation
User Guide
For end-users of Knocknoc
Admin Guide
For administrators of Knocknoc. Please start with the introduction
Changelog and Roadmap
Info about Knocknoc releases
Use Cases
Backends
Backends are software interfaces that the Knocknoc Agent can connect and interact with. Select a backend that suits your use case.
Authentication
A guide on configuring the various authentication methods for Knocknoc
ACLS
ACLs allow you to assign a name to an argument for a backend, which is then assigned to a Group
Troubleshooting
What can go wrong, will.
Setup Guides
All the guides to configure and Install Knocknoc server for first use.
User Guide
Welcome to the Knocknoc User Guide. This will cover basic operations including logging in, logging out and troubleshooting. If you're looking for information on installing or administering Knocknoc, please check out the Admin Guide. Logging Into Knocknoc Kn...
Use Cases (overview)
Knocknoc use cases Knocknoc is extremely versatile and can enable just in time network access control and solve many use cases across various industries and technologies. SSH Bastion hosts: Network based IP allowlisting: add MFA, link in your IdP, remove t...
Server Installation
For the admin who knows what they need and needs a fast way to get it, you can use this command to setup and install your Knocknoc server very quickly. curl -sSL https://packages.knocknoc.io/setup/setup_knocknoc.sh | bash The installer runs on Debian, Ubun...
Agent Installation
For the admin who know what they need, and needs a fast way to get it, you can use this command to setup and install knocknoc-agent very quickly. Browse to https://YourKnocknoc.url/admin and login with the knocknoc-admin user. Click on Agents then Create A...
Web applications (layer-7 filtering)
There are various options for protecting your web application using Knocknoc Local Linux firewall orchestration on the host (eg: using IPSets) In-line firewall/control device orchestration (Fortigate, etc), via an adjacent Knocknoc Agent deployment HAprox...
HAProxy
HAProxy is a fantastic reverse proxy with a massive amount of features. Knocknoc has supported HAProxy for years, and integrates with it natively. HAProxy can be a little confusing at first due to its wide array of options and implementations, but for now we'l...
AWS (EC2) Security Groups
Knocknoc can easily connect to AWS using common utilities and IAM credentials, and update the allowed IP dynamically. The agent ships with a script built in for this already, which requires credentials placed where the agent can read them. Backend for AWS Se...
Script Any Arbitrary Backend
The "script" backend type is simply a script the agent can execute that takes a fixed set of arguments. Action: add (to grant access), del(to revoke access) or flush(to empty/reset the whole ACL); ACL (or "set name"): the name of the ACL for validation, or...
IPSet (Linux Netfilter/IPTables)
IPsets are a powerful and highly efficient way of making a dynamic firewall on a normal Linux machine. A native feature of the Netfilter code, an IPset is an in-memory list of IPs, that can be referenced in any fireawall rules. Knocknoc can add and remove IPs...
VOIP
Having roaming users be able to use a handset from home, and protect your PABX from brute force attacks and other threats is a great feature of Knocknoc. Users are able to have a handset on their home internet connection, and just login for the day, and their ...
AWS Infrastructure
Knocknoc ships with a script for updating security groups in AWS. Checkout the backend documentation here: https://docs.knocknoc.io/books/admin-guide/page/aws-ec2-security-groups This includes an IAM role for updating the security group. This approach allow...
Video
Streaming low-latency video is a challenge for firewalls and VPNs, and Knocknoc is an excellent solution. The ipset backend script is a great tool to allow things like SRT or RTMP to select IPs. The Knocknoc demo includes an RTMP example, where the backend ...
Remote Desktop, simple small business example
A small business sought a cost-effective, secure remote access solution for their remote desktop servers.They relied on a Linux-based edge firewall, using port forwarding to direct RDP traffic to internal machines. Although they utilized high, non-standard por...
SSH
Use Case: Eliminating SSH Attack Surface in a Distributed Environment A large distributed enterprise needed to eliminate the attack surface of its Internet-facing SSH servers - without adding latency, changing its network architecture, or compromising on secu...
v6.0.0
We're excited to announce the release of Knocknoc 6, a major leap forward in attack surface reduction, implemented at speed. This release brings a host of new features and improvements that make Knocknoc even more efficient, user-friendly, and adaptable withi...
LDAP
Knocknoc can authenticate users to an LDAP server like Active Directory, by attempting to bind as that user with their password. This is useful when you have an on-premise LDAP server, and want to allow users to have a single password to manage. Knocknoc conf...
SAML
SAML is an in-depth topic, however it represents the best option for securing users, and providing centralized user management. There are many SAML providers, and no single convention on configuration and implementation. Knocknoc is tried and tested with a few...
SAML Principles and Terms
An overview of SAML principles and key terms to help you effectively configure and manage SAML with Knocknoc. What is SAML? SAML is an open standard for exchanging authentication data between parties, specifically between an identity provider and a service p...
SAML with Jumpcloud
The following example assumes your Knocknoc instance is located at https://demo.knoc.cloud. Wherever you see that, please substitute it for your own instance URL. Setting Up the IdP Creating An Application Login to your JumpCloud tenant as an administra...
SAML with EntraID (Azure AD)
The following example assumes your Knocknoc instance is located at https://demo.knoc.cloud. Wherever you see that, please substitute it for your own instance URL. Setting Up the IdP Create an Application Navigate to the Microsoft Entra admin center and lo...