racoon speaks the IKE (ISAKMP/Oakley) key management protocol to
establish security associations with other hosts.
This is the IPSec-tools version of racoon.
Enhancements:
- Support of NAT-T and IKE fragmentation.
- Support of many authentication algorithms.
- Tons of bugfixes.
Known issues:
- Non-threaded implementation. Simultaneous key negotiation performance
should be improved.
- Cannot negotiate keys for per-socket policy.
- Cryptic configuration syntax - blame IPsec specification too...
- Needs more documentation.
Design choice, not a bug:
- racoon negotiates IPsec keys only. It does not negotiate policy. Policy must
be configured into the kernel separately from racoon. If you want to
support roaming clients, you may need to have a mechanism to put policy
for the roaming client after phase 1 finishes.
Gnome Password Generator is a GUI-based secure password generator. It allows
the user to generate a specified number of random passwords of a specified
length.
Kerberos V5 is an authentication system developed at MIT.
Abridged from the User Guide:
Under Kerberos, a client sends a request for a ticket to the
Key Distribution Center (KDC). The KDC creates a ticket-granting
ticket (TGT) for the client, encrypts it using the client's
password as the key, and sends the encrypted TGT back to the
client. The client then attempts to decrypt the TGT, using
its password. If the client successfully decrypts the TGT, it
keeps the decrypted TGT, which indicates proof of the client's
identity. The TGT permits the client to obtain additional tickets,
which give permission for specific services.
Since Kerberos negotiates authenticated, and optionally encrypted,
communications between two points anywhere on the internet, it
provides a layer of security that is not dependent on which side of a
firewall either client is on.
The Kerberos V5 package is designed to be easy to use. Most of the
commands are nearly identical to UNIX network programs you are already
used to. Kerberos V5 is a single-sign-on system, which means that you
have to type your password only once per session, and Kerberos does
the authenticating and encrypting transparently.
Jacques Vidrine <n@nectar.com>
Libntlm is a library that implements Microsoft's NTLM authentication.
Cops is a set of programs to check how secure your system is. It
checks file and directory privileges, SUID programs, etc. It has
support for checking passwords, but this port doesn't include it
as it is DES based. This port installs cops in a single directory
area. The directory has no non-user privileges and cops is meant
to be run locally to that directory. The perl version of cops is
also included in a subdirectory.
This program can convert your Checkpoint FW1 rulesets into
XML files which can then be processed by Firewall Builder.
American fuzzy lop is a fuzzer that employs a novel type of compile-time
instrumentation and genetic algorithms to automatically discover clean,
interesting test cases that trigger new internal states in the targeted
binary. This substantially improves the functional coverage for the
fuzzed code.
AfterGlow is a collection of scripts which facilitate the process of
generating event graphs and treemaps. AfterGlow 1.x is written in Perl
and generates output that can be read by GraphViz or LGL.
All the scripts and other files for afterglow are installed in
%%DATADIR%%
AIDE is Advanced Intrusion Detection Environment.
This piece of software was written as a replacement and extension
for Tripwire.
Amap is a next-generation scanning tool. It identifies applications
and services even if they are not listening on the default port
by creating a bogus communication.