Network Security

The network security directory contains software designed to transport information over a network in a secure (usually encrypted) manner. This includes a number of IPSEC & PPTP implementations. Many operating systems (e.g. *BSD, Microsoft Windows) now contain integrated network security features such as IPSEC and PPTP, and are therefore not featured here.

o Aesop
  Aesop is a TCP proxy application that uses strong cryptography to secure data transmission between hosts communicating with otherwise insecure protocols. Aesop allows "chained" operation and includes libaesop, which can be used with LD_PRELOAD to wrap the connect() call, allowing older applications to gain the benefit of secure communications.

o CIPE
  CIPE stands for Crypto IP Encapsulation, and is part of an ongoing project to build encrypting IP routers. It works by tunneling IP packets in encrypted UDP packets. The protocol is designed to be lightweight and simple. Special care has been taken to make this work over dynamic addresses, NAT and SOCKS proxies.

o GNU TLS
  The GNU Transport Layer Security library provides a means of tunnelling otherwise insecure network applications through a secure tunnel, using the TLS 1.0 and SSL 3.0 protocols.

o IPSEC

  # FreeS/WAN
    FreeS/WAN is an implementation of IPSEC & IKE for Linux. IPSEC is Internet Protocol SECurity. It uses strong cryptography to provide both authentication and encryption services. Authentication ensures that packets are from the right sender and have not been altered in transit. Encryption prevents unauthorised reading of packet contents.

  # NIST Cerberus
    The NIST Cerberus IPsec Reference Implementation for Linux was developed based on the current ESP and AH specifications and several of the current algorithm drafts, including the AES draft. (Wiretapped is mirroring NIST Cerberus as NIST themselves do not have a functioning download URL.)

  # Openswan
    Openswan is an implementation of IPsec for Linux. It supports kernels 2.0, 2.2, 2.4 and 2.6, and runs on many different platforms, including x86, ia64, mips and arm. It is a code fork of the FreeS/WAN project.

o PPTP
  Linux PPTP Client is a Linux, FreeBSD and NetBSD client for the proprietary Microsoft Point-to-Point Tunneling Protocol, PPTP. It allows connection to a PPTP-based Virtual Private Network (VPN) as used by employers and some cable and ADSL internet service providers.

o SILC
  SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services on the Internet over insecure channels. SILC superficially resembles IRC, although they are very different internally. They both provide conferencing services and have almost the same set of commands. Other than that, they are nothing alike. SILC is secure, and its network model is entirely different from that of IRC.

o sslwrap
  sslwrap is a simple Unix service that sits over any simple TCP service such as POP3, IMAP or SMTP, and encrypts all of the data on the connection using TLS/SSL. It uses SSLeay to support SSL versions 2 and 3. It can run out of inetd. It can also encrypt data for services located on another computer.

o stunnel
  Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer), and is available on both Unix and Windows. Stunnel can allow you to secure non-SSL-aware daemons and protocols (like POP, IMAP, LDAP, etc.) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

o tinc
  tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet.

o tor
  Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

o vpnd
  The virtual private network daemon vpnd is a daemon which connects two networks at the network level, either via TCP/IP or a (virtual) leased line attached to a serial interface. All data transferred between the two networks is encrypted using the unpatented free Blowfish encryption algorithm.

o VTun
  VTun is the easiest way to create Virtual Tunnels over TCP/IP networks with traffic shaping, compression, and encryption. It supports IP, PPP, SLIP, Ethernet and other tunnel types. VTun is easily and highly configurable and can be used for various network tasks.

o Zebedee
  Zebedee is a simple program to establish an encrypted, compressed "tunnel" for TCP/IP or UDP data transfer between two systems. This allows traffic such as telnet, ftp and X to be protected from snooping, as well as potentially gaining performance over low-bandwidth networks from compression.

(Note: This list of software and information available at Wiretapped is not exhaustive. Users are encouraged to browse and search the archive and read any available "-README.txt" files.)