Search Results

Knocknoc can orchestrate Amazon AWS Security Groups, which essentially provide network level firewalling across various asset types, including EC2 VMs, meaning just-in-time network exposure (and access) for authenticated users, tied to your IDP not to AWS IAM ...

The "Custom Script" Knoc type is simply a script the agent can execute directly on the Agent machine. Linux is supported today, and not Microsoft Windows. Note that for security reasons this is disabled by default when installing a new Agent. See config below...

Linux comes equipped with a built-in native firewall which Knocknoc orchestrates via "IPSets". IPSets are a powerful and highly efficient way of making a dynamic firewall on a normal Linux machine. A native feature of the Netfilter code, an IPset is an in-memo...

Having roaming users be able to use a handset from home, and protect your PABX from brute force attacks and other threats is a great feature of Knocknoc. Users are able to have a handset on their home internet connection, and just login for the day, and their ...

Knocknoc ships with a script for updating security groups in AWS. Checkout the backend documentation here: https://docs.knocknoc.io/books/admin-guide/page/aws-ec2-security-groups This includes an IAM role for updating the security group.  This approach allow...

Streaming low-latency video is a challenge for firewalls and VPNs, and Knocknoc is an excellent solution. The ipset backend script is a great tool to allow things like SRT or RTMP to select IPs.  The Knocknoc demo includes an RTMP example, where the backend ...

A small business sought a cost-effective, secure remote access solution for their remote desktop servers.They relied on a Linux-based edge firewall, using port forwarding to direct RDP traffic to internal machines. Although they utilized high, non-standard por...

Use case: Eliminating SSH attack surface in a distributed environment A large distributed enterprise needed to eliminate the attack surface of its Internet-facing SSH servers - without adding latency, changing its network architecture, or compromising on secu...

We're excited to announce the release of Knocknoc 6, a major leap forward in attack surface reduction, implemented at speed. This release brings a host of new features and improvements that make Knocknoc even more efficient, user-friendly, and adaptable withi...

Knocknoc can authenticate users to an LDAP server like Active Directory, by attempting to bind as that user with their password. This is useful when you have an on-premise LDAP server, and want to allow users to have a single password to manage. Knocknoc conf...

SAML is an in-depth topic, however it represents the best option for securing users, and providing centralized user management. There are many SAML providers, and no single convention on configuration and implementation. Knocknoc is tried and tested with a few...

An overview of SAML principles and key terms to help you effectively configure and manage SAML with Knocknoc. What is SAML? SAML is an open standard for exchanging authentication data between parties, specifically between an identity provider and a service p...

The following example assumes your Knocknoc instance is located at https://demo.knoc.cloud. Wherever you see that, please substitute it for your own instance URL. Setting Up the IdP Creating An Application Login to your JumpCloud tenant as an administra...

The following example assumes your Knocknoc instance is located at https://<hosting instance>.knoc.cloud. Wherever you see that, please substitute it for your own instance URL (e.g. https://demo.knoc.cloud, https://my-saas.knoc.cloud). Setting Up the IdP C...

The following example assumes your Knocknoc instance is located at https://demo.knoc.cloud. Wherever you see that, please substitute it for your own instance URL. Setting Up the IdP Create an Application Click Create App Integration Select SAML 2.0 Set ...

Knocknoc supports local users in addition to SAML/LDAP. Simply add a user, with a username and password. Then assign them to a group or link them within a Knoc. This is helpful for casual users, as you can set and expiry so for example if you have a web appl...

Current version of Knocknoc server is: 5.0.62, released on Mon, 12 Feb 2024 Current version of knocknoc-agent is: 1.0.28, released on Sat, 24 Feb 2024 

This is an example that lets you use UFW (https://wiki.ubuntu.com/UncomplicatedFirewall) and IPsets to dynamically whitelist IPs for a common host-based firewall.  This is achieved in only a few steps: Install the Knocknoc Agent on the UFW host and enrol i...