Risky Business Podcast Summary
Episode: Soap Box: Knockknock Glues Your SSO to Your Firewalls for Just-in-Time Network Access
Host: Patrick Gray
Guest: Adam Pointon, CEO of Knock Knock
Release Date: March 26, 2025
1. Introduction to Knock Knock and Its Features
In this episode of Risky Business’s Soapbox edition, host Patrick Gray introduces Knock Knock, a Just-in-Time (JIT) network access solution that integrates Single Sign-On (SSO) with firewall management to enhance security. Patrick highlights his personal connection to Knock Knock, mentioning his role on the company's board and his involvement in securing seed funding and recruiting Adam Pointon as CEO.
Patrick Gray [00:07]:
"Essentially what it is, is just in time network access or network allow listing."
Knock Knock allows organizations to dynamically open firewall ports based on authenticated user sessions, thereby minimizing the exposure of vulnerable systems to the internet.
2. Technical Architecture and Functionality
Adam Pointon delves into the technical underpinnings of Knock Knock, explaining how it orchestrates existing infrastructure without introducing additional layers typical of Zero Trust networks.
Adam Pointon [02:06]:
"We orchestrate the firewalls and say this IP address is allowed access for four hours to these services."
Knock Knock operates by allowing authenticated users to access specific ports after successful SSO, then automatically revokes access after a set period. This dynamic approach ensures that systems are only exposed when necessary, reducing the attack surface.
3. Use Cases and Applications
a. Protecting Firewalls and VPNs
A significant use case discussed is the protection of firewall and VPN appliances, which are common targets for brute force attacks and credential theft.
Adam Pointon [07:33]:
"Knock Knock allows them to take [firewalls and VPNs] off the naked Internet, preventing brute force and stolen credentials from being exploited."
By managing access to these critical devices, Knock Knock ensures that only authenticated users can interact with firewall and VPN endpoints, thereby bolstering network security.
b. Securing Legacy Applications
Knock Knock is particularly effective for safeguarding legacy applications that lack modern security features like Multi-Factor Authentication (MFA).
Adam Pointon [04:19]:
"They wanted to add MFA, take that web application off the Internet, but not force everybody to go through a VPN."
This capability allows organizations to protect older systems without overhauling their existing infrastructure, providing a pragmatic solution to persistent security challenges.
c. Industry-Specific Implementations
Various industries, including broadcast media and telecommunications, utilize Knock Knock to secure specialized applications and environments.
Patrick Gray [24:42]:
"For example, one of Australia's major telcos uses this to restrict access to all of its SSH."
These implementations demonstrate Knock Knock's versatility in addressing diverse security needs across different sectors.
4. Security Enhancements: MFA and User Attribution
Integrating MFA with Knock Knock adds a further layer of security, ensuring that only verified users gain access to sensitive systems.
Adam Pointon [10:53]:
"When you combine that with MFA... you can have attribution of the user, their browser, all in the IDP tied with MFA access to the service."
Furthermore, Knock Knock provides detailed user attribution, linking network access to specific user sessions and actions, which is invaluable for auditing and compliance.
5. Comparisons with Other Solutions (Magic Cloud Proxies)
Patrick contrasts Knock Knock with traditional identity-aware proxies offered by companies like Akamai, Cloudflare, and Zscaler, referring to them as "magic clouds."
Patrick Gray [14:27]:
"This is much simpler... without having to go through complicated clouds."
Unlike these cloud-based solutions, Knock Knock does not require routing all traffic through an external cloud, thereby avoiding potential vulnerabilities associated with centralized proxy services.
6. Implementation Modes: Passive, Passive Plus, Active
Adam outlines the different modes Knock Knock can operate in to manage firewall access dynamically:
- Passive Mode: Firewalls poll Knock Knock for the current list of allowed IP addresses; Knock Knock never touches the firewall's configuration directly.
  Adam Pointon [09:15]:
  "It's a passive way. It doesn't break anything, doesn't interact with anything."
- Passive Plus: Enhances passive mode by prompting the firewall to refresh its allow list immediately whenever the list changes, rather than waiting for the next poll.
- Active Mode: Directly communicates with the firewall to add user-specific IP addresses in real time during login events, passing the username along with the address.
  Adam Pointon [10:30]:
  "We actually give the username... which then flows through into their other management, reporting and systems."
These modes offer flexibility in how organizations integrate Knock Knock with their existing security infrastructure.
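The grant-then-expire mechanism from section 2 and the passive-mode feed from the modes above, as an added illustration that is not Knock Knock's own code: a successful SSO login grants the caller's IP a four-hour window for named services, the firewall polls for the currently valid addresses, and each grant stays attributed to a user. Class and method names are hypothetical, and the addresses and service labels are constructed.

```python
# Added illustration (not Knock Knock's code): a just-in-time allow list with a
# fixed access window, user attribution, and a feed a firewall could poll.
from dataclasses import dataclass
import ipaddress
import time

DEFAULT_TTL = 4 * 3600  # the four-hour window quoted in the episode


@dataclass
class Grant:
    ip: str             # client address observed at SSO login
    user: str           # attribution: which identity opened the port
    services: tuple     # constructed labels such as ("ssh", "vpn")
    expires_at: float   # epoch seconds; access is revoked once this passes


class JitAllowList:
    def __init__(self, ttl=DEFAULT_TTL):
        self.ttl = ttl
        self._grants = {}  # (ip, user) -> Grant

    def grant(self, ip, user, services, now=None):
        """Record a successful SSO login: allow ip for self.ttl seconds."""
        now = time.time() if now is None else now
        addr = str(ipaddress.ip_address(ip))  # reject junk before it becomes a rule
        g = Grant(addr, user, tuple(services), now + self.ttl)
        self._grants[(addr, user)] = g
        return g

    def revoke(self, ip, user):
        """Explicit revocation (e.g. on IdP logout); True if a grant was removed."""
        return self._grants.pop((ip, user), None) is not None

    def prune(self, now=None):
        """Drop grants whose window has closed; returns how many were removed."""
        now = time.time() if now is None else now
        expired = [k for k, g in self._grants.items() if g.expires_at <= now]
        for k in expired:
            del self._grants[k]
        return len(expired)

    def active(self, service, now=None):
        """Passive-mode feed: the IPs the firewall should allow for a service."""
        self.prune(now)
        return sorted({g.ip for g in self._grants.values() if service in g.services})

    def who_opened(self, ip, now=None):
        """Audit view: which users currently hold a grant for this address."""
        self.prune(now)
        return sorted(g.user for g in self._grants.values() if g.ip == ip)
```

In passive mode a firewall would fetch the output of `active()` on a schedule; active mode would instead push each `grant()` straight to the firewall together with the username.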
7. Product Development and User Experience
Since Adam’s appointment as CEO, Knock Knock has focused on improving user experience by developing a more intuitive front-end interface, making deployment and integration easier for organizations without extensive sysadmin expertise.
Adam Pointon [28:43]:
"A lot of the time was spent... getting the user experience right, the whole out of the box utilization, deployment up and quickly integration with more devices."
This emphasis on usability ensures that Knock Knock remains accessible to a broader range of users, facilitating quicker adoption and implementation.
8. Conclusion
Patrick Gray wraps up the discussion by highlighting the broad applicability and effectiveness of Knock Knock in enhancing network security through dynamic access control and MFA integration. He emphasizes the product's ability to provide a high degree of assurance against mass scanning and targeted attacks by ensuring systems are only exposed when necessary.
Patrick Gray [30:34]:
"It's one of those things where it's an identity aware proxy but much simpler... Knock Knock is really protecting them and taking them offline until needed."
Adam Pointon echoes this sentiment, emphasizing Knock Knock's role in prevention and the proactive reduction of attack surfaces.
Adam Pointon [27:05]:
"It's about prevention rather than just sort of kicking the can down the road by relying on backups."
Listeners are encouraged to explore Knock Knock further by visiting knockknock.io and providing feedback to enhance its capabilities.
Notable Quotes:
- Patrick Gray [00:07]:
  "Risky Business is a must-listen digest for information security pros."
- Adam Pointon [02:06]:
  "We orchestrate the firewalls and say this IP address is allowed access for four hours to these services."
- Patrick Gray [14:27]:
  "This is much simpler... without having to go through complicated clouds."
- Adam Pointon [10:30]:
  "We actually give the username... which then flows through into their other management, reporting and systems."
- Patrick Gray [30:34]:
  "It's one of those things where it's an identity aware proxy but much simpler... Knock Knock is really protecting them and taking them offline until needed."
For More Information:
- Knock Knock Website: knockknock.io
- Risky Business Podcast: Subscribe on your favorite podcast platform.
