Projects tagged ‘ipsec’


[14 total]

14 Users
   

Endian Firewall Community is a "turn-key" Linux security distribution that turns every system into a full-featured security appliance with Unified Threat Management (UTM) functionality. The software has been designed with "usability in mind" and is very easy to install, use and manage, without losing its flexibility. The features include a stateful packet inspection firewall, application-level proxies for various protocols (HTTP, FTP, POP3, SMTP) with antivirus support, virus and spam filtering for email traffic (POP and SMTP), content filtering of Web traffic and a "hassle free" VPN solution (based on OpenVPN). The main advantage of Endian Firewall is that it is a pure "Open Source" solution that is sponsored by Endian.
Created about 1 year ago.

8 Users

Openswan is an Open Source implementation of IPsec for the Linux operating system. It is a code fork of the FreeS/WAN project, started by a few of the developers who were growing frustrated with the politics surrounding the FreeS/WAN project.
Created over 2 years ago.

6 Users
   

Vyatta software is a Linux-based, open networking (advanced routing & security) solution that leverages x86 hardware and components to deliver a flexible, affordable alternative to Cisco 1800 through 7200 series routers. Vyatta is an enterprise-class, commercial open source offering that can deliver BGP, OSPF, RIP routing, firewall, IPSec and SSL VPN, Intrusion Prevention and more that can scale from the branch office to the service provider edge for a fraction of the cost of proprietary alternatives. Being software-based also allows Vyatta to deliver a full suite of Layer-3 routing and security services to VMware and Xen virtualization platforms.
Created over 2 years ago.

5 Users

strongSwan is an OpenSource IPsec implementation for the Linux operating system. It is based on the discontinued FreeS/WAN project and the X.509 patch which we developed over the last three years. It features IKEv1 and IKEv2 keying capabilities and targets Linux 2.6 native IPsec.
Created over 2 years ago.

4 Users
   

IPFire is a newly developed firewall built with the latest releases of Linux 2.6 and tools. You are able to install a lot of add-ons and you will see a firewall can become a home server.
Created about 1 year ago.

2 Users
   

KVpnc is a KDE Desktop Environment front end for various VPN clients. It supports Cisco VPN (vpnc), IPSec (FreeS/WAN, Openswan, strongSwan, racoon), PPTP (pptpclient), OpenVPN, L2TP (FreeS/WAN, Openswan, strongSwan, racoon) and smartcard support (OpenVPN, strongSwan).
Created over 3 years ago.

1 Users

.. fill in some info ..
Created 12 days ago.

1 Users

Openswan is an Open Source implementation of IPsec for the Linux operating system. It is a code fork of the FreeS/WAN project, started by a few of the developers who were growing frustrated with the politics surrounding the FreeS/WAN project.
Created over 2 years ago.

0 Users

OpenIPSec is an open source IPSec Framework for Windows XP/Vista/Blackcomb/CE. The Framework will include an API for software development, command line tools, open source code (GPLv3) and documentation. Development is done from scratch and all dependent projects are my own projects (to ease bug fixes and release software that is 100% free and open source). This project depends on OpenSec and libonid. The first contains the IPSec algorithm implementations and the second allows monitoring network cards. These two projects are under development (OpenSec: 90% done - libonid: 40% done) and the source code is freely available for download. To ease adoption, command line tools (setkey, spdadd, add ...) will have the same name and syntax as those provided on Linux.

1. IPSec

IPSec stands for Internet Protocol SECurity and has been specified by the Internet Engineering Task Force (IETF). IPSec operates at the Network Layer (OSI Layer 3). This implies that it can protect all upper protocols such as UDP, TCP or ICMP. IPsec is a successor of the ISO standard Network Layer Security Protocol (NLSP). NLSP was based on the SP3 protocol that was published by the NIST but designed by the Secure Data Network System project of the National Security Administration (NSA). Because it operates at OSI layer 3 it must be integrated at the Kernel/OS Layer. On Windows OS all Network APIs (e.g. Windows Sockets 2 or Layered Service Provider) operate at the upper layers (user/application Layer). Examples of security protocols working at the user/application layer are Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH).

1.1 Standards

RFC1825 - Security Architecture for the Internet Protocol (Obsoleted by: 2401)
RFC2401 - Security Architecture for the Internet Protocol (Obsoletes: 1825 and Obsoleted by: 4301 and Updated by: 3168)
RFC2402 - IP Authentication Header (Obsoleted by: 4302, 4305 and Obsoletes: 1826)
RFC2410 - The NULL Encryption Algorithm and Its Use With IPsec
RFC2405 - The ESP DES-CBC Cipher Algorithm With Explicit IV
RFC2406 - IP Encapsulating Security Payload (ESP) (Obsoleted by: 4303, 4305 and Obsoletes: 1827)
RFC2407 - The Internet IP Security Domain of Interpretation for ISAKMP (Obsoleted by: 4306)
RFC2408 - Internet Security Association and Key Management Protocol (ISAKMP) (Obsoleted by: 4306)
RFC2409 - The Internet Key Exchange (IKE) (Obsoleted by: 4306 and Updated by: 4109)
RFC2481 - A Proposal to add Explicit Congestion Notification (ECN) to IP (Obsoleted by: 3168)
RFC3168 - The Addition of Explicit Congestion Notification (ECN) to IP (Updates: 2474, 2401, 793 and Obsoletes: 2481)
RFC3602 - The AES-CBC Cipher Algorithm and Its Use with IPsec
RFC4109 - Algorithms for Internet Key Exchange version 1 (IKEv1) (Updates: 2409)
RFC4301 - Security Architecture for the Internet Protocol
RFC4302 - IP Authentication Header
RFC4303 - IP Encapsulating Security Payload (ESP) (Obsoletes: 2406)
RFC4305 - Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) (Obsoleted by: 4835 and Obsoletes: 2404, 2406)
RFC4306 - Internet Key Exchange (IKEv2) Protocol
RFC4307 - Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
RFC4835 - Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) (Obsoletes: 4305)

1.2 Protocols

IPSec has three main protocols: AH, ESP and IKE. AH and ESP are commonly called Security Protocols.

=>AH: Stands for Authentication Header and has been defined in RFC4302. It is used to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replays.

=>ESP: Stands for Encapsulating Security Payload and has been defined in RFC4303. It is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and (limited) traffic flow confidentiality. It may be applied alone or in combination with AH.

=>IKEv1/IKEv2: Stands for Internet Key Exchange and have been defined in RFC4109 and RFC4306. Both are used for mutual authentication between two parties and establish an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) and/or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry.

1.3 Security Association (SA)

An IPSec security association (SA) is a virtual unidirectional association between two or more peers/entities (IP:port). This means that you should create two SAs for bidirectional communications. Each SA has its own ID called SAID stored in the Security Association Database (SAD) as per RFC4301. The SA defines:

A unique security parameter index (SPI)
Shared security keys
Lifetime
Encryption algorithm to use: DES, 3DES or AES (all supported by OpenSec)
Authentication algorithm to use: HMAC-MD5-96 or HMAC-SHA-1-96 (all supported by OpenSec)
Which protocol to use: ESP or AH

1.4 Key Management

The Key Management mechanism is used to exchange the mandatory security keys to set up SAs. It can be manual or automated using IKE. For example, 3GPP IMS uses SIP to exchange security information and manually set up SAs (e.g. using ipsec command line tools).

1.5 Mode of operation (transport and tunnel)

Both ESP and AH may be applied individually or in combination with each other to provide IPv4 and IPv6 security services. Both support two modes of use: transport mode and tunnel mode. In transport mode, AH and ESP provide protection primarily for next layer protocols; in tunnel mode, AH and ESP are applied to tunneled IP packets.

=>Transport: only the payload (without IP header) of the IP packet is encrypted (ESP) and/or authenticated (ESP or AH) before (re)transmission. This is the default mode in 3GPP IMS context (both UE and P-CSCF).

=>Tunnel: both the IP header and the payload are encrypted (ESP) and/or authenticated (ESP or AH) before (re)transmission. It is used to create Virtual Private Networks (VPN).

Copyright (C) 2009 Mamadou DIOP
Created 4 months ago.

0 Users

software collection to manage security tools on OSX Operating system
Created 4 months ago.