NCAE Mapping Hub Authoritative cross-reference for DCWF, NCAE Knowledge Units, O*NET, and the EWU Cyber Operations program

Security+ · 4.0 Security Operations

Port knocking

A technique where SSH (or another service) only opens its port after a specific sequence of 'knocks' on other ports. Security-through-obscurity layer on top of normal auth.

How this shows up at NCAE

Red team may deploy a port-knocking backdoor: watch for unusual packet-capture tools in the hunt, and a suspicious chain of IPs hitting closed ports before a shell opens.