Sancp is a network security tool designed to collect
statistical information regarding network traffic, as
well as the traffic itself in pcap format, for the
purposes of auditing, historical analysis, and
network activity discovery. Rules can be used to distinguish
normal from abnormal traffic and support tagging connections
with a rule id, node id, and status id. From an intrusion
detection standpoint, every connection is an event that must
be validated through some means. Sancp uses rules to identify,
record, and tag traffic of interest. 'Tagging' a connection
is a new feature since v1.4.0. Connections ('stats') can be
loaded into a database for further analysis.

The seccure toolset implements a selection of asymmetric algorithms
based on elliptic curve cryptography (ECC). In particular it offers
public key encryption / decryption, signature generation /
verification and key establishment.
ECC schemes offer a much better key size to security ratio than
classical systems (RSA, DSA). Keys are short enough to make direct
specification of keys on the command line possible (sometimes this
is more convenient than the management of PGP-like key rings).
seccure builds on this feature and therefore is the tool of choice
whenever lightweight asymmetric cryptography -- independent of key
servers, revocation certificates, the Web of Trust or even
configuration files -- is required.

Tcpcrypt is a protocol that attempts to encrypt (almost) all of your
network traffic. Unlike other security mechanisms, Tcpcrypt works out
of the box: it requires no configuration, no changes to applications,
and your network connections will continue to work even if the remote
end does not support Tcpcrypt, in which case connections will
gracefully fall back to standard clear-text TCP. Install Tcpcrypt and
you'll feel no difference in your everyday user experience, yet
your traffic will be more secure and you'll have made life much harder
for hackers.

Tor: an anonymizing overlay network for TCP
Tor is a connection-based low-latency anonymous communication system which
addresses many flaws in the original onion routing design.
Tor is a toolset for a wide range of organizations and people that
want to improve their safety and security on the Internet. Using
Tor can help you anonymize web browsing and publishing, instant
messaging, IRC, SSH, and more. Tor also provides a platform on which
software developers can build new applications with built-in
anonymity, safety, and privacy features.
Remember that this is development code -- DON'T RELY ON THE CURRENT TOR
NETWORK FOR ANONYMITY!

Allow users to only see tickets they are associated with.
There are three new permissions for this plugin: TICKET_VIEW_REPORTER,
TICKET_VIEW_CC, and TICKET_VIEW_OWNER. TICKET_VIEW_SELF is an alias
for all three of these.
With each permission, users will only be able to see tickets where they are
the person mentioned in the permission. So if a user has TICKET_VIEW_REPORTER,
they can only see tickets they reported. For TICKET_VIEW_CC, they just have to
be included in the CC list.

ccrypt is a utility for encrypting and decrypting files and streams. It was
designed to replace the standard Unix crypt utility, which is notorious for
using a very weak encryption algorithm. ccrypt is based on the Rijndael
cipher, which is the U.S. government's chosen candidate for the Advanced
Encryption Standard (AES, see http://www.nist.gov/aes/). This cipher is
believed to provide very strong security.
Unlike Unix crypt, the algorithm provided by ccrypt is not symmetric, i.e.,
one must specify whether to encrypt or decrypt. The most common way to invoke
ccrypt is via the commands ccencrypt and ccdecrypt. There is also a ccat
command for decrypting a file directly to the terminal, thus reducing the
likelihood of leaving temporary plaintext files around. In addition, there
is a compatibility mode for decrypting legacy Unix crypt files.
Encryption and decryption depend on a keyword (or key phrase) supplied by
the user. By default, the user is prompted to enter a keyword from the
terminal. Keywords can consist of any number of characters, and all characters
are significant (although ccrypt internally hashes the key to 256 bits).
Longer keywords provide better security than short ones, since they are less
likely to be discovered by exhaustive search.

This is Encrypted MAC (EMAC), formerly known as Double MAC (DMAC).
Unlike HMAC, which reuses an existing one-way hash function, such as
MD5, SHA-1 or RIPEMD-160, EMAC reuses an existing block cipher to
produce a secure message authentication code (MAC).
Using the block cipher, a message is encrypted in CBC mode. The last
block is taken as the MAC of the message. For fixed-length messages,
this method is provably secure. In reality, however, messages have
arbitrary lengths, and this method is not secure. To make secure MACs
for variable length messages, the last block is encrypted once again
with a different key. The security of this construction has been proved
in the paper, ``CBC MAC for Real-Time Data Sources'' by Erez Petrank
and Charles Rackoff. The security can be proved on the assumption that
the underlying block cipher is pseudo-random.
The performance and key-agility of EMAC are reasonable. EMAC is
preferable for short messages because the block length is smaller
compared to the schemes based on a hash function. EMAC was also chosen
as one of the NESSIE winners for Message Authentication Codes, along
with UMAC, TTMAC and HMAC. The current NESSIE specification chooses
AES as the block cipher.

arp-scan is a command-line tool that uses the ARP
protocol to discover and fingerprint IP hosts on
the local network. It is available for Linux and
BSD under the GPL licence.

Gringotts is an application to store sensitive data like passwords, pincodes,
credit card numbers, etc. Features:
* Fast, light GTK2 interface.
* Good integration with GNOME, as well as all the other window managers.
* High stress on safety & security.
* Not only "normal" string passwords can be used, but any file can be the
password to your data.
* 8 encryption algorithms are available through the mcrypt library:
RIJNDAEL-128 (AES), RIJNDAEL-256, SERPENT, TWOFISH, CAST 256, SAFER+, LOKI97,
3DES.
* 2 160-bit hash algorithms, used to generate the key: SHA1, RIPEMD160.
* 2 compression types, with 4 compression levels each: ZLib, BZip2.
* Complete & easy management of entries' order.
* Complete Search function.
* Very intuitive usability, you won't need any manual.
* It comes with a thread-safe C library, libGringotts, that can be used in any
other project to save data in files in a simple and safe way.