Network Security


        The network security directory contains software designed to transport
        information over a network in a secure (usually encrypted) manner. This
        includes a number of IPSEC & PPTP implementations. Many operating
        systems now contain integrated network security features such as IPSEC
        and PPTP, and are therefore not featured here (e.g. *BSD, Microsoft
        Windows).

          o Aesop
            Aesop is a TCP proxy application that uses strong cryptography to
            secure data transmission between hosts communicating with otherwise
            insecure protocols. Aesop allows "chained" operation and includes
            libaesop, which can be used with LD_PRELOAD to wrap the connect()
            call, allowing older applications to gain the benefit of secure
            communications.
            

          o CIPE
            CIPE stands for Crypto IP Encapsulation, and is part of an ongoing
            project to build encrypting IP routers. It works by tunneling IP
            packets in encrypted UDP packets. The protocol is designed to be
            lightweight and simple. Special care has been taken to make this
            work over dynamic addresses, NAT and SOCKS proxies.
            

          o GNU TLS
            The GNU Transport Layer Security library provides a means of
            tunnelling otherwise insecure network applications through a secure
            tunnel, using the TLS 1.0 and SSL 3.0 protocols.
            

          o IPSEC

              # FreeS/WAN
                FreeS/WAN is an implementation of IPSEC & IKE for Linux. IPSEC
                is Internet Protocol SECurity. It uses strong cryptography to
                provide both authentication and encryption services.
                Authentication ensures that packets are from the right sender
                and have not been altered in transit. Encryption prevents
                unauthorised reading of packet contents.
                

              # NIST Cerberus
                The NIST Cerberus IPsec Reference Implementation for Linux was
                developed based on the current ESP and AH specifications and
                several of the current algorithm drafts including the AES
                draft. (Wiretapped is mirroring NIST Cerberus as NIST
                themselves do not have a functioning download URL)
                

              # Openswan
                Openswan is an implementation of IPsec for Linux. It supports
                kernels 2.0, 2.2, 2.4 and 2.6, and runs on many different
                platforms, including x86, ia64, mips and arm. It is a code fork
                of the FreeS/WAN project.
                

          o PPTP Linux
            PPTP Client is a Linux, FreeBSD and NetBSD client for the
            proprietary Microsoft Point-to-Point Tunneling Protocol, PPTP.
            It allows connection to a PPTP based Virtual Private Network (VPN)
            as used by employers and some cable and ADSL internet service
            providers.
            

          o SILC
            SILC (Secure Internet Live Conferencing) is a protocol which
            provides secure conferencing services on the Internet over insecure
            channels. SILC superficially resembles IRC, although they are very
            different internally. They both provide conferencing services and
            have almost the same set of commands. Other than that, they are
            nothing alike. SILC is secure and the network model is entirely
            different compared to IRC.
            

          o sslwrap
            sslwrap is a simple Unix service that sits over any simple TCP
            service such as POP3, IMAP, SMTP, and encrypts all of the data on
            the connection using TLS/SSL. It uses ssleay to support SSL version
            2 and 3. It can run out of inetd. It can also encrypt data for
            services located on another computer.
            

          o stunnel
            Stunnel is a program that allows you to encrypt arbitrary TCP
            connections inside SSL (Secure Sockets Layer), and is available on
            both Unix and Windows. Stunnel can allow you to secure non-SSL aware
            daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel
            provide the encryption, requiring no changes to the daemon's code.
            

          o tinc
            tinc is a Virtual Private Network (VPN) daemon that uses tunnelling
            and encryption to create a secure private network between hosts on
            the Internet.
            

          o tor
            Tor is a network of virtual tunnels that allows people and groups
            to improve their privacy and security on the Internet. It also
            enables software developers to create new communication tools with
            built-in privacy features. Tor provides the foundation for a range
            of applications that allow organizations and individuals to share
            information over public networks without compromising their
            privacy.
            

          o vpnd
            The virtual private network daemon vpnd is a daemon which connects
            two networks at the network level either via TCP/IP or a (virtual)
            leased line attached to a serial interface. All data transferred
            between the two networks are encrypted using the unpatented free
            Blowfish encryption algorithm.
            

          o VTun
            VTun is the easiest way to create Virtual Tunnels over TCP/IP
            networks with traffic shaping, compression, and encryption. It
            supports IP, PPP, SLIP, Ethernet and other tunnel types. VTun is
            easily and highly configurable, and it can be used for various
            network tasks.
            

          o Zebedee
            Zebedee is a simple program to establish an encrypted, compressed
            "tunnel" for TCP/IP or UDP data transfer between two systems. This
            allows traffic such as telnet, ftp and X to be protected from
            snooping as well as potentially gaining performance over
            low-bandwidth networks from compression.
            

        

        (Note: This list of software and information available at Wiretapped is
        not exhaustive. Users are encouraged to browse and search the archive
        and read any available "-README.txt" files.)