Commit | Line | Data |
---|---|---|
997358a6 MW |
1 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> |
2 | <HTML> | |
3 | <HEAD> | |
4 | <TITLE>Introduction to FreeS/WAN</TITLE> | |
5 | <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=iso-8859-1"> | |
6 | <STYLE TYPE="text/css"><!-- | |
7 | BODY { font-family: serif } | |
8 | H1 { font-family: sans-serif } | |
9 | H2 { font-family: sans-serif } | |
10 | H3 { font-family: sans-serif } | |
11 | H4 { font-family: sans-serif } | |
12 | H5 { font-family: sans-serif } | |
13 | H6 { font-family: sans-serif } | |
14 | SUB { font-size: smaller } | |
15 | SUP { font-size: smaller } | |
16 | PRE { font-family: monospace } | |
17 | --></STYLE> | |
18 | </HEAD> | |
19 | <BODY> | |
20 | <A HREF="toc.html">Contents</A> | |
21 | <A HREF="mail.html">Previous</A> | |
22 | <A HREF="glossary.html">Next</A> | |
23 | <HR> | |
24 | <H1><A name="weblink">Web links</A></H1> | |
25 | <H2><A name="freeswan">The Linux FreeS/WAN Project</A></H2> | |
26 | <P>The main project web site is<A href="http://www.freeswan.org/"> | |
27 | www.freeswan.org</A>.</P> | |
28 | <P>Links to other project-related<A href="intro.html#sites"> sites</A> | |
29 | are provided in our introduction section.</P> | |
30 | <H3><A name="patch">Add-ons and patches for FreeS/WAN</A></H3> | |
31 | <P>Some user-contributed patches have been integrated into the FreeS/WAN | |
32 | distribution. For a variety of reasons, those listed below have not.</P> | |
33 | <P>Note that not all patches are a good idea.</P> | |
34 | <UL> | |
35 | <LI>There are a number of "features" of IPsec which we do not implement | |
36 | because they reduce security. See this<A href="compat.html#dropped"> | |
37 | discussion</A>. We do not recommend using patches that implement these. | |
38 | One example is aggressive mode.</LI> | |
39 | <LI>We do not recommend adding "features" of any sort unless they are | |
40 | clearly necessary, or at least have clear benefits. For example, | |
41 | FreeS/WAN would not become more secure if it offered a choice of 14 | |
42 | ciphers. If even one was flawed, it would certainly become less secure | |
43 | for anyone using that cipher. Even with 14 wonderful ciphers, it would | |
44 | be harder to maintain and administer, hence more vulnerable to various | |
45 | human errors.</LI> | |
46 | </UL> | |
47 | <P>This is not to say that patches are necessarily bad, only that using | |
48 | them requires some deliberation. For example, there might be perfectly | |
49 | good reasons to add a specific cipher in your application: perhaps GOST | |
50 | to comply with government standards in Eastern Europe, or AES for | |
51 | performance benefits.</P> | |
52 | <H4>Current patches</H4> | |
53 | <P>Patches believed current:</P> | |
54 | <UL> | |
55 | <LI>patches for<A href="http://www.strongsec.com/freeswan/"> X.509 | |
56 | certificate support</A>, also available from a<A href="http://www.twi.ch/~sna/strongsec/freeswan/"> | |
57 | mirror site</A></LI> | |
58 | <LI>patches to add<A href="http://www.irrigacion.gov.ar/juanjo/ipsec"> | |
59 | AES and other ciphers</A>. There is preliminary data indicating AES | |
60 | gives a substantial<A href="performance.html#perf.more"> performance | |
61 | gain</A>.</LI> | |
62 | </UL> | |
63 | <P>There is also one add-on that takes the form of a modified FreeS/WAN | |
64 | distribution, rather than just patches to the standard distribution:</P> | |
65 | <UL> | |
66 | <LI><A href="http://www.ipv6.iabg.de/downloadframe/index.html">IPv6 | |
67 | support</A></LI> | |
68 | </UL> | |
69 | <P>Before using any of the above, check the<A href="mail.html"> mailing | |
70 | lists</A> for news of newer versions and to see whether they have been | |
71 | incorporated into more recent versions of FreeS/WAN.</P> | |
72 | <H4>Older patches</H4> | |
73 | <UL> | |
74 | <LI><A href="http://sources.colubris.com/en/projects/FreeSWAN/">hardware | |
75 | acceleration</A></LI> | |
76 | <LI>a<A href="http://tzukanov.narod.ru/"> series</A> of patches that | |
77 | <UL> | |
78 | <LI>provide GOST, a Russian gov't. standard cipher, in MMX assembler</LI> | |
79 | <LI>add GOST to OpenSSL</LI> | |
80 | <LI>add GOST to the International kernel patch</LI> | |
81 | <LI>let FreeS/WAN use International kernel patch ciphers</LI> | |
82 | </UL> | |
83 | </LI> | |
84 | <LI>Neil Dunbar's patches for<A href="ftp://hplose.hpl.hp.com/pub/nd/pluto-openssl.tar.gz"> | |
85 | certificate support</A>, using code from<A href="http://www.openssl.org"> | |
86 | OpenSSL</A>.</LI> | |
87 | <LI>Luc Lanthier's<A href="ftp://ftp.netwinder.org/users/f/firesoul/"> | |
88 | patches</A> for<A href="glossary.html#PKIX"> PKIX</A> support.</LI> | |
89 | <LI><A href="ftp://ftp.heise.de/pub/ct/listings/9916-180.tgz">patches</A> | |
90 | to add<A href="glossary.html#blowfish"> Blowfish</A>,<A href="glossary.html#IDEA"> | |
91 | IDEA</A> and<A href="glossary.html#CAST128"> CAST-128</A> to FreeS/WAN</LI> | |
92 | <LI>patches for FreeS/WAN 1.3, Pluto support for<A href="http://alcatraz.webcriminals.com/~bastiaan/ipsec/"> | |
93 | external authentication</A>, for example with a smartcard or SKEYID.</LI> | |
94 | <LI><A href="http://www.zengl.net/freeswan/download/">patches and | |
95 | utilities</A> for using FreeS/WAN with PGPnet</LI> | |
96 | <LI><A href="http://www.freelith.com/lithworks/crypto/freeswan_patch.htm"> | |
97 | Blowfish encryption and Tiger hash</A></LI> | |
98 | <LI><A href="http://www.cendio.se/~bellman/aggressive-pluto.snap.tar.gz"> | |
99 | patches</A> for aggressive mode support</LI> | |
100 | </UL> | |
101 | <P>These patches are for older versions of FreeS/WAN and will likely not | |
102 | work with the current version. Older versions of FreeS/WAN may be | |
103 | available on some of the<A href="intro.html#sites"> distribution sites</A> | |
104 | , but we recommend using the current release.</P> | |
105 | <H4><A name="VPN.masq">VPN masquerade patches</A></H4> | |
106 | <P>Finally, there are some patches to other code that may be useful with | |
107 | FreeS/WAN:</P> | |
108 | <UL> | |
109 | <LI>a<A href="ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html"> | |
110 | patch</A> to make IPsec, PPTP and SSH VPNs work through a Linux | |
111 | firewall with<A href="glossary.html#masq"> IP masquerade</A>.</LI> | |
112 | <LI><A href="http://www.linuxdoc.org/HOWTO/VPN-Masquerade-HOWTO.html"> | |
113 | Linux VPN Masquerade HOWTO</A></LI> | |
114 | </UL> | |
115 | <P>Note that this is not required if the same machine does IPsec and | |
116 | masquerading, only if you want to locate your IPsec gateway on a | |
117 | masqueraded network. See our<A href="firewall.html#NAT"> firewalls</A> | |
118 | document for discussion of why this is problematic.</P> | |
119 | <P>At last report, this patch could not co-exist with FreeS/WAN on the | |
120 | same machine.</P> | |
121 | <H3><A name="dist">Distributions including FreeS/WAN</A></H3> | |
122 | <P>The introductory section of our document set lists several<A href="intro.html#distwith"> | |
123 | Linux distributions</A> which include FreeS/WAN.</P> | |
124 | <H3><A name="used">Things FreeS/WAN uses or could use</A></H3> | |
125 | <UL> | |
126 | <LI><A href="http://openpgp.net/random">/dev/random</A> support page, | |
127 | discussion of and code for the Linux<A href="glossary.html#random"> | |
128 | random number driver</A>. Out-of-date when we last checked (January | |
129 | 2000), but still useful.</LI> | |
130 | <LI>other programs related to random numbers: | |
131 | <UL> | |
132 | <LI><A href="http://www.mindrot.org/audio-entropyd.html">audio entropy | |
133 | daemon</A> to gather noise from a sound card and feed it into | |
134 | /dev/random</LI> | |
135 | <LI>an<A href="http://www.lothar.com/tech/crypto/"> entropy-gathering | |
136 | daemon</A></LI> | |
137 | <LI>a driver for the random number generator in recent<A href="http://sourceforge.net/projects/gkernel/"> | |
138 | Intel chipsets</A>. This driver is included as standard in 2.4 kernels.</LI> | |
139 | </UL> | |
140 | </LI> | |
141 | <LI>a Linux<A href="http://www.marko.net/l2tp/"> L2TP Daemon</A> which | |
142 | might be useful for communicating with Windows 2000 which builds L2TP | |
143 | tunnels over its IPsec connections</LI> | |
144 | <LI>to use opportunistic encryption, you need a recent version of<A href="glossary.html#BIND"> | |
145 | BIND</A>. You can get one from the<A href="http://www.isc.org"> | |
146 | Internet Software Consortium</A> who maintain BIND.</LI> | |
147 | </UL> | |
148 | <H3><A name="alternatives">Other approaches to VPNs for Linux</A></H3> | |
149 | <UL> | |
150 | <LI>other Linux<A href="#linuxipsec"> IPsec implementations</A></LI> | |
151 | <LI><A href="http://www.tik.ee.ethz.ch/~skip/">ENskip</A>, a free | |
152 | implementation of Sun's<A href="glossary.html#SKIP"> SKIP</A> protocol</LI> | |
153 | <LI><A href="http://sunsite.auc.dk/vpnd/">vpnd</A>, a non-IPsec VPN | |
154 | daemon for Linux which creates tunnels using<A href="glossary.html#Blowfish"> | |
155 | Blowfish</A> encryption</LI> | |
156 | <LI><A href="http://www.winton.org.uk/zebedee/">Zebedee</A>, a simple | |
157 | GPLd tunnel-building program with Linux and Win32 versions. The name is | |
158 | from<STRONG> Z</STRONG>lib compression,<STRONG> B</STRONG>lowfish | |
159 | encryption and<STRONG> D</STRONG>iffie-Hellman key exchange.</LI> | |
160 | <LI>There are at least two PPTP implementations for Linux | |
161 | <UL> | |
162 | <LI>Moreton Bay's<A href="http://www.moretonbay.com/vpn/pptp.html"> | |
163 | PoPToP</A></LI> | |
164 | <LI><A href="http://cag.lcs.mit.edu/~cananian/Projects/PPTP/">PPTP-Linux</A> | |
165 | </LI> | |
166 | </UL> | |
167 | </LI> | |
168 | <LI><A href="http://sites.inka.de/sites/bigred/devel/cipe.html">CIPE</A> | |
169 | (crypto IP encapsulation) project, using their own lightweight protocol | |
170 | to encrypt between routers</LI> | |
171 | <LI><A href="http://tinc.nl.linux.org/">tinc</A>, a VPN Daemon</LI> | |
172 | </UL> | |
173 | <P>There is a list of<A href="http://www.securityportal.com/lskb/10000000/kben10000005.html"> | |
174 | Linux VPN</A> software in the<A href="http://www.securityportal.com/lskb/kben00000001.html"> | |
175 | Linux Security Knowledge Base</A>.</P> | |
176 | <H2><A name="ipsec.link">The IPsec Protocols</A></H2> | |
177 | <H3><A name="general">General IPsec or VPN information</A></H3> | |
178 | <UL> | |
179 | <LI>The<A href="http://www.vpnc.org"> VPN Consortium</A> is a group for | |
180 | vendors of IPsec products. Among other things, they have a good | |
181 | collection of<A href="http://www.vpnc.org/white-papers.html"> IPsec | |
182 | white papers</A>.</LI> | |
183 | <LI>A VPN mailing list with a<A href="http://kubarb.phsx.ukans.edu/~tbird/vpn.html"> | |
184 | home page</A>, a FAQ, some product comparisons, and many links.</LI> | |
185 | <LI><A href="http://www.opus1.com/vpn/index.html">VPN pointer page</A></LI> | |
186 | <LI>a<A href="http://www.epm.ornl.gov/~dunigan/vpn.html"> collection</A> | |
187 | of VPN links, and some explanation</LI> | |
188 | </UL> | |
189 | <H3><A name="overview">IPsec overview documents or slide sets</A></H3> | |
190 | <UL> | |
191 | <LI>the FreeS/WAN<A href="ipsec.html"> document section</A> on these | |
192 | protocols</LI> | |
193 | </UL> | |
194 | <H3><A name="otherlang">IPsec information in languages other than | |
195 | English</A></H3> | |
196 | <UL> | |
197 | <LI><A href="http://www.imib.med.tu-dresden.de/imib/Internet/Literatur/ipsec-docu.html"> | |
198 | German</A></LI> | |
199 | <LI><A href="http://www.kame.net/index-j.html">Japanese</A></LI> | |
200 | <LI>Feczak Szabolcs' thesis in<A href="http://feczo.koli.kando.hu/vpn/"> | |
201 | Hungarian</A></LI> | |
202 | <LI>Davide Cerri's thesis and some presentation slides<A href="http://www.linux.it/~davide/doc/"> | |
203 | Italian</A></LI> | |
204 | </UL> | |
205 | <H3><A name="RFCs1">RFCs and other reference documents</A></H3> | |
206 | <UL> | |
207 | <LI><A href="rfc.html">Our document</A> listing the RFCs relevant to | |
208 | Linux FreeS/WAN and giving various ways of obtaining both RFCs and | |
209 | Internet Drafts.</LI> | |
210 | <LI><A href="http://www.vpnc.org/vpn-standards.html">VPN Standards</A> | |
211 | page maintained by<A href="glossary.html#VPNC"> VPNC</A>. This covers | |
212 | both RFCs and Drafts, and classifies them in a fairly helpful way.</LI> | |
213 | <LI><A href="http://www.rfc-editor.org">RFC archive</A></LI> | |
214 | <LI><A href="http://www.ietf.org/ids.by.wg/ipsec.html">Internet Drafts</A> | |
215 | related to IPsec</LI> | |
216 | <LI>US government<A href="http://www.itl.nist.gov/div897/pubs"> site</A> | |
217 | with their<A href="glossary.html#FIPS"> FIPS</A> standards</LI> | |
218 | <LI>Archives of the ipsec@tis.com mailing list where discussion of | |
219 | drafts takes place. | |
220 | <UL> | |
221 | <LI><A href="http://www.sandelman.ottawa.on.ca/ipsec">Eastern Canada</A></LI> | |
222 | <LI><A href="http://www.vpnc.org/ietf-ipsec">California</A>.</LI> | |
223 | </UL> | |
224 | </LI> | |
225 | </UL> | |
226 | <H3><A name="analysis">Analysis and critiques of IPsec protocols</A></H3> | |
227 | <UL> | |
228 | <LI>Counterpane's<A href="http://www.counterpane.com/ipsec.pdf"> | |
229 | evaluation</A> of the protocols</LI> | |
230 | <LI>Simpson's<A href="http://www.sandelman.ottawa.on.ca/linux-ipsec/html/1999/06/msg00319.html"> | |
231 | IKE Considered Dangerous</A> paper. Note that this is a link to an | |
232 | archive of our mailing list. There are several replies in addition to | |
233 | the paper itself.</LI> | |
234 | <LI>Fate Labs<A href="http://www.fatelabs.com/loki-vpn.pdf"> Virtual | |
235 | Private Problems: the Broken Dream</A></LI> | |
236 | <LI>Catherine Meadows' paper<CITE> Analysis of the Internet Key Exchange | |
237 | Protocol Using the NRL Protocol Analyzer</CITE>, in<A href="http://chacs.nrl.navy.mil/publications/CHACS/1999/1999meadows-IEEE99.pdf"> | |
238 | PDF</A> or<A href="http://chacs.nrl.navy.mil/publications/CHACS/1999/1999meadows-IEEE99.ps"> | |
239 | Postscript</A>.</LI> | |
240 | <LI>Perlman and Kaufman | |
241 | <UL> | |
242 | <LI><A href="http://snoopy.seas.smu.edu/ee8392_summer01/week7/perlman2.pdf"> | |
243 | Key Exchange in IPsec</A></LI> | |
244 | <LI>a newer<A href="http://sec.femto.org/wetice-2001/papers/radia-paper.pdf"> | |
245 | PDF paper</A>,<CITE> Analysis of the IPsec Key Exchange Standard</CITE> | |
246 | .</LI> | |
247 | </UL> | |
248 | </LI> | |
249 | <LI>Bellovin's<A href="http://www.research.att.com/~smb/papers/index.html"> | |
250 | papers</A> page including his: | |
251 | <UL> | |
252 | <LI><CITE>Security Problems in the TCP/IP Protocol Suite</CITE> (1989)</LI> | |
253 | <LI><CITE>Problem Areas for the IP Security Protocols</CITE> (1996)</LI> | |
254 | <LI><CITE>Probable Plaintext Cryptanalysis of the IP Security Protocols</CITE> | |
255 | (1997)</LI> | |
256 | </UL> | |
257 | </LI> | |
258 | <LI>An<A href="http://www.lounge.org/ike_doi_errata.html"> errata list</A> | |
259 | for the IPsec RFCs.</LI> | |
260 | </UL> | |
261 | <H3><A name="IP.background">Background information on IP</A></H3> | |
262 | <UL> | |
263 | <LI>An<A href="http://ipprimer.windsorcs.com/"> IP tutorial</A> that | |
264 | seems to be written mainly for Netware or Microsoft LAN admins entering | |
265 | a new world</LI> | |
266 | <LI><A href="http://www.iana.org">IANA</A>, Internet Assigned Numbers | |
267 | Authority</LI> | |
268 | <LI><A href="http://public.pacbell.net/dedicated/cidr.html">CIDR</A>, | |
269 | Classless Inter-Domain Routing</LI> | |
270 | <LI>Also see our<A href="biblio.html"> bibliography</A></LI> | |
271 | </UL> | |
272 | <H2><A name="implement">IPsec Implementations</A></H2> | |
273 | <H3><A name="linuxprod">Linux products</A></H3> | |
274 | <P>Vendors using FreeS/WAN in turnkey firewall or VPN products are | |
275 | listed in our<A href="intro.html#turnkey"> introduction</A>.</P> | |
276 | <P>Other vendors have Linux IPsec products which, as far as we know, do | |
277 | not use FreeS/WAN:</P> | |
278 | <UL> | |
279 | <LI><A href="http://www.redcreek.com/products/shareware.html">Redcreek</A> | |
280 | provide an open source Linux driver for their PCI hardware VPN card. | |
281 | This card has a 100 Mbit Ethernet port, an Intel 960 CPU plus more | |
282 | specialised crypto chips, and claimed encryption performance of 45 | |
283 | Mbit/sec. The PC sees it as an Ethernet board.</LI> | |
284 | <LI><A href="http://linuxtoday.com/stories/8428.html?nn">Paktronix</A> | |
285 | offer a Linux-based VPN with hardware encryption</LI> | |
286 | <LI><A href="http://www.watchguard.com/">Watchguard</A> use Linux in | |
287 | their Firebox product.</LI> | |
288 | <LI><A href="http://www.entrust.com">Entrust</A> offer a developers' | |
289 | toolkit for using their<A href="glossary.html#PKI"> PKI</A> for IPsec | |
290 | authentication</LI> | |
291 | <LI>According to a report on our mailing list,<A href="http://www.axent.com"> | |
292 | Axent</A> have a Linux version of their product.</LI> | |
293 | </UL> | |
294 | <H3><A name="router">IPsec in router products</A></H3> | |
295 | <P>All the major router vendors support IPsec, at least in some models.</P> | |
296 | <UL> | |
297 | <LI><A href="http://www.cisco.com/warp/public/707/16.html">Cisco</A> | |
298 | IPsec information</LI> | |
299 | <LI>Ascend, now part of<A href="http://www.lucent.com/"> Lucent</A>, | |
300 | have some IPsec-based products</LI> | |
301 | <LI><A href="http://www.nortelnetworks.com/">Bay Networks</A>, now part | |
302 | of Nortel, use IPsec in their Contivity switch product line</LI> | |
303 | <LI><A href="http://www.3com.com/products/enterprise.html">3Com</A> have | |
304 | a number of VPN products, some using IPsec</LI> | |
305 | </UL> | |
306 | <H3><A name="fw.web">IPsec in firewall products</A></H3> | |
307 | <P>Many firewall vendors offer IPsec, either as a standard part of their | |
308 | product, or an optional extra. A few we know about are:</P> | |
309 | <UL> | |
310 | <LI><A href="http://www.borderware.com/">Borderware</A></LI> | |
311 | <LI><A href="http://www.ashleylaurent.com/vpn/ipsec_vpn.htm">Ashley | |
312 | Laurent</A></LI> | |
313 | <LI><A href="http://www.watchguard.com">Watchguard</A></LI> | |
314 | <LI><A href="http://www.fx.dk/firewall/ipsec.html">Injoy</A> for OS/2</LI> | |
315 | </UL> | |
316 | <P>Vendors using FreeS/WAN in turnkey firewall products are listed in | |
317 | our<A href="intro.html#turnkey"> introduction</A>.</P> | |
318 | <H3><A name="ipsecos">Operating systems with IPsec support</A></H3> | |
319 | <P>All the major open source operating systems support IPsec. See below | |
320 | for details on<A href="#BSD"> BSD-derived</A> Unix variants.</P> | |
321 | <P>Among commercial OS vendors, IPsec players include:</P> | |
322 | <UL> | |
323 | <LI><A href="http://msdn.microsoft.com/isapi/msdnlib.idc?theURL=/library/backgrnd/html/msdn_ip_security.htm"> | |
324 | Microsoft</A> have put IPsec in their Windows 2000 and XP products</LI> | |
325 | <LI><A href="http://www.s390.ibm.com/stories/1999/os390v2r8_pr.html">IBM</A> | |
326 | announce a release of OS390 with IPsec support via a crypto | |
327 | co-processor</LI> | |
328 | <LI><A href="http://www.sun.com/solaris/ds/ds-security/ds-security.pdf"> | |
329 | Sun</A> include IPsec in Solaris 8</LI> | |
330 | <LI><A href="http://www.hp.com/security/products/extranet-security.html"> | |
331 | Hewlett Packard</A> offer IPsec for their Unix machines</LI> | |
332 | <LI>Certicom have IPsec available for the<A href="http://www.certicom.com/products/movian/movianvpn_tech.html"> | |
333 | Palm</A>.</LI> | |
334 | <LI>There were reports before the release that Apple's Mac OS X would | |
335 | have IPsec support built in, but it did not seem to be there when we | |
336 | last checked. If you find it, please let us know via the<A href="mail.html"> | |
337 | mailing list</A>.</LI> | |
338 | </UL> | |
339 | <H3><A NAME="29_3_5">IPsec on network cards</A></H3> | |
340 | <P>Network cards with built-in IPsec acceleration are available from at | |
341 | least Intel, 3Com and Redcreek.</P> | |
342 | <H3><A name="opensource">Open source IPsec implementations</A></H3> | |
343 | <H4><A name="linuxipsec">Other Linux IPsec implementations</A></H4> | |
344 | <P>We like to think of FreeS/WAN as<EM> the</EM> Linux IPsec | |
345 | implementation, but it is not the only one. Others we know of are:</P> | |
346 | <UL> | |
347 | <LI><A href="http://www.enst.fr/~beyssac/pipsec/">pipsecd</A>, a | |
348 | lightweight implementation of IPsec for Linux. Does not require kernel | |
349 | recompilation.</LI> | |
350 | <LI>Petr Novak's<A href="ftp://ftp.eunet.cz/icz/ipnsec/"> ipnsec</A>, | |
351 | based on the OpenBSD IPsec code and using<A href="glossary.html#photuris"> | |
352 | Photuris</A> for key management</LI> | |
353 | <LI>A now defunct project at<A href="http://www.cs.arizona.edu/security/hpcc-blue/linux.html"> | |
354 | U of Arizona</A> (export controlled)</LI> | |
355 | <LI><A href="http://snad.ncsl.nist.gov/cerberus">NIST Cerberus</A> | |
356 | (export controlled)</LI> | |
357 | </UL> | |
358 | <H4><A name="BSD">IPsec for BSD Unix</A></H4> | |
359 | <UL> | |
360 | <LI><A href="http://www.kame.net/project-overview.html">KAME</A>, | |
361 | several large Japanese companies co-operating on IPv6 and IPsec</LI> | |
362 | <LI><A href="http://web.mit.edu/network/isakmp">US Naval Research Lab</A> | |
363 | implementation of IPv6 and of IPsec for IPv4 (export controlled)</LI> | |
364 | <LI><A href="http://www.openbsd.org">OpenBSD</A> includes IPsec as a | |
365 | standard part of the distribution</LI> | |
366 | <LI><A href="http://www.r4k.net/ipsec">IPsec for FreeBSD</A></LI> | |
367 | <LI>a<A href="http://www.netbsd.org/Documentation/network/ipsec/"> FAQ</A> | |
368 | on NetBSD's IPsec implementation</LI> | |
369 | </UL> | |
370 | <H4><A name="misc">IPsec for other systems</A></H4> | |
371 | <UL> | |
372 | <LI><A href="http://www.tcm.hut.fi/Tutkimus/IPSEC/">Helsinki U of | |
373 | Technology</A> have implemented IPsec for Solaris, Java and Macintosh</LI> | |
374 | </UL> | |
375 | <H3><A name="interop.web">Interoperability</A></H3> | |
376 | <P>The IPsec protocols are designed so that different implementations | |
377 | should be able to work together. As they say "the devil is in the | |
378 | details". IPsec has a lot of details, but considerable success has been | |
379 | achieved.</P> | |
380 | <H4><A name="result">Interoperability results</A></H4> | |
381 | <P>Linux FreeS/WAN has been tested for interoperability with many other | |
382 | IPsec implementations. Results to date are in our<A href="interop.html"> | |
383 | interoperability</A> section.</P> | |
384 | <P>Various other sites have information on interoperability between | |
385 | various IPsec implementations:</P> | |
386 | <UL> | |
387 | <LI><A href="http://www.opus1.com/vpn/atl99display.html">interop results</A> | |
388 | from a bakeoff in Atlanta, September 1999.</LI> | |
389 | <LI>a French company, HSC's,<A href="http://www.hsc.fr/ressources/presentations/ipsec99/index.html.en"> | |
390 | interoperability</A> test data covers FreeS/WAN, OpenBSD, KAME, Linux | |
391 | pipsecd, Checkpoint, Red Creek Ravlin, and Cisco IOS</LI> | |
392 | <LI><A href="http://www.icsa.net/">ICSA</A> offer certification programs | |
393 | for various security-related products. See their list of<A href="http://www.icsa.net/html/communities/ipsec/certification/certified_products/index.shtml"> | |
394 | certified IPsec</A> products. Linux FreeS/WAN is not currently on that | |
395 | list, but several products with which we interoperate are.</LI> | |
396 | <LI>VPNC have a page on why they are not yet doing<A href="http://www.vpnc.org/interop.html"> | |
397 | interoperability</A> testing and a page on the<A href="http://www.vpnc.org/conformance.html"> | |
398 | spec conformance</A> testing that they are doing</LI> | |
399 | <LI>a<A href="http://www.commweb.com/article/COM20000912S0009"> review</A> | |
400 | comparing a dozen commercial IPsec implementations. Unfortunately, the | |
401 | reviewers did not look at Open Source implementations such as FreeS/WAN | |
402 | or OpenBSD.</LI> | |
403 | <LI><A href="http://www.tanu.org/~sakane/doc/public/report-ike-interop0007.html"> | |
404 | results</A> from interoperability tests at a conference. FreeS/WAN was | |
405 | not tested there.</LI> | |
406 | <LI>test results from the<A href="http://www.hsc.fr/ressources/veille/ipsec/ipsec2000/"> | |
407 | IPSEC 2000</A> conference</LI> | |
408 | </UL> | |
409 | <H4><A name="test1">Interoperability test sites</A></H4> | |
410 | <UL> | |
411 | <LI><A href="http://www.tahi.org/">TAHI</A>, a Japanese IPv6 testing | |
412 | project with free IPsec validation software</LI> | |
413 | <LI><A href="http://ipsec-wit.antd.nist.gov">National Institute of | |
414 | Standards and Technology</A></LI> | |
415 | <LI><A href="http://isakmp-test.ssh.fi/">SSH Communications Security</A></LI> | |
416 | </UL> | |
417 | <H2><A name="linux.link">Linux links</A></H2> | |
418 | <H3><A name="linux.basic">Basic and tutorial Linux information</A></H3> | |
419 | <UL> | |
420 | <LI>Linux<A href="http://linuxcentral.com/linux/LDP/LDP/gs/gs.html"> | |
421 | Getting Started</A> HOWTO document</LI> | |
422 | <LI>A getting started guide from the<A href="http://darkwing.uoregon.edu/~cchome/linuxgettingstarted.html"> | |
423 | U of Oregon</A></LI> | |
424 | <LI>A large<A href="http://www.herring.org/techie.html"> link collection</A> | |
425 | which includes a lot of introductory and tutorial material on Unix, | |
426 | Linux, the net, . . .</LI> | |
427 | </UL> | |
428 | <H3><A name="general">General Linux sites</A></H3> | |
429 | <UL> | |
430 | <LI><A href="http://www.freshmeat.net">Freshmeat</A> Linux news</LI> | |
431 | <LI><A href="http://slashdot.org">Slashdot</A> "News for Nerds"</LI> | |
432 | <LI><A href="http://www.linux.org">Linux Online</A></LI> | |
433 | <LI><A href="http://www.linuxhq.com">Linux HQ</A></LI> | |
434 | <LI><A href="http://www.tux.org">tux.org</A></LI> | |
435 | </UL> | |
436 | <H3><A name="docs.ldp">Documentation</A></H3> | |
437 | <P>Nearly any Linux documentation you are likely to want can be found at | |
438 | the<A href="http://metalab.unc.edu/LDP"> Linux Documentation Project</A> | |
439 | or LDP.</P> | |
440 | <UL> | |
441 | <LI><A href="http://metalab.unc.edu/LDP/HOWTO/META-FAQ.html">Meta-FAQ</A> | |
442 | guide to Linux information sources</LI> | |
443 | <LI>The LDP's HowTo documents are a standard Linux reference. See this<A href="http://www.linuxdoc.org/docs.html#howto"> | |
444 | list</A>. Documents there most relevant to a FreeS/WAN gateway are: | |
445 | <UL> | |
446 | <LI><A href="http://metalab.unc.edu/LDP/HOWTO/Kernel-HOWTO.html">Kernel | |
447 | HOWTO</A></LI> | |
448 | <LI><A href="http://metalab.unc.edu/LDP/HOWTO/Networking-Overview-HOWTO.html"> | |
449 | Networking Overview HOWTO</A></LI> | |
450 | <LI><A href="http://metalab.unc.edu/LDP/HOWTO/Security-HOWTO.html"> | |
451 | Security HOWTO</A></LI> | |
452 | </UL> | |
453 | </LI> | |
454 | <LI>The LDP do a series of Guides, book-sized publications with more | |
455 | detail (and often more "why do it this way?") than the HowTos. See this<A | |
456 | href="http://www.linuxdoc.org/guides.html"> list</A>. Documents there | |
457 | most relevant to a FreeS/WAN gateway are: | |
458 | <UL> | |
459 | <LI><A href="http://www.tml.hut.fi/~viu/linux/sag/">System | |
460 | Administrator's Guide</A></LI> | |
461 | <LI><A href="http://www.linuxdoc.org/LDP/nag2/index.html">Network | |
462 | Administrator's Guide</A></LI> | |
463 | <LI><A href="http://www.seifried.org/lasg/">Linux Administrator's | |
464 | Security Guide</A></LI> | |
465 | </UL> | |
466 | </LI> | |
467 | </UL> | |
468 | <P>You may not need to go to the LDP to get this material. Most Linux | |
469 | distributions include the HowTos on their CDs and several include the | |
470 | Guides as well. Also, most of the Guides and some collections of HowTos | |
471 | are available in book form from various publishers.</P> | |
472 | <P>Much of the LDP material is also available in languages other than | |
473 | English. See this<A href="http://www.linuxdoc.org/links/nenglish.html"> | |
474 | LDP page</A>.</P> | |
475 | <H3><A name="advroute.web">Advanced routing</A></H3> | |
476 | <P>The Linux IP stack has some new features in 2.4 kernels. Some HowTos | |
477 | have been written:</P> | |
478 | <UL> | |
479 | <LI>several HowTos for the<A href="http://netfilter.samba.org/unreliable-guides/"> | |
480 | netfilter</A> firewall code in newer kernels</LI> | |
481 | <LI><A href="http://www.ds9a.nl/2.4Networking/HOWTO//cvs/2.4routing/output/2.4networking.html"> | |
482 | 2.4 networking</A> HowTo</LI> | |
483 | <LI><A href="http://www.ds9a.nl/2.4Networking/HOWTO//cvs/2.4routing/output/2.4routing.html"> | |
484 | 2.4 routing</A> HowTo</LI> | |
485 | </UL> | |
486 | <H3><A name="linsec">Security for Linux</A></H3> | |
487 | <P>See also the<A href="#docs.ldp"> LDP material</A> above.</P> | |
488 | <UL> | |
489 | <LI><A href="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#trinityos"> | |
490 | Trinity OS guide to setting up Linux</A></LI> | |
491 | <LI><A href="http://www.deter.com/unix">Unix security</A> page</LI> | |
492 | <LI><A href="http://linux01.gwdg.de/~alatham/">PPDD</A> encrypting | |
493 | filesystem</LI> | |
494 | <LI><A href="http://EncryptionHOWTO.sourceforge.net/">Linux Encryption | |
495 | HowTo</A> (outdated when last checked, had an Oct 2000 revision date in | |
496 | March 2002)</LI> | |
497 | </UL> | |
498 | <H3><A name="firewall.linux">Linux firewalls</A></H3> | |
499 | <P>Our<A href="firewall.html"> FreeS/WAN and firewalls</A> document | |
500 | includes links to several sets of<A href="firewall.html#examplefw"> | |
501 | scripts</A> known to work with FreeS/WAN.</P> | |
502 | <P>Other information sources:</P> | |
503 | <UL> | |
504 | <LI><A href="http://ipmasq.cjb.net/">IP Masquerade resource page</A></LI> | |
505 | <LI><A href="http://netfilter.samba.org/unreliable-guides/">netfilter</A> | |
506 | firewall code in 2.4 kernels</LI> | |
507 | <LI>Our list of general<A href="#firewall.web"> firewall references</A> | |
508 | on the web</LI> | |
509 | <LI><A href="http://users.dhp.com/~whisper/mason/">Mason</A>, a tool for | |
510 | automatically configuring Linux firewalls</LI> | |
511 | <LI>the web cache software<A href="http://www.squid-cache.org/"> squid</A> | |
512 | and<A href="http://www.squidguard.org/"> squidguard</A> which turns | |
513 | Squid into a filtering web proxy</LI> | |
514 | </UL> | |
515 | <H3><A name="linux.misc">Miscellaneous Linux information</A></H3> | |
516 | <UL> | |
517 | <LI><A href="http://lwn.net/current/dists.php3">Linux distribution | |
518 | vendors</A></LI> | |
519 | <LI><A href="http://www.linux.org/groups/">Linux User Groups</A></LI> | |
520 | </UL> | |
521 | <H2><A name="crypto.link">Crypto and security links</A></H2> | |
522 | <H3><A name="security">Crypto and security resources</A></H3> | |
523 | <H4><A name="std.links">The standard link collections</A></H4> | |
524 | <P>Two enormous collections of links, each the standard reference in its | |
525 | area:</P> | |
526 | <DL> | |
527 | <DT>Gene Spafford's<A href="http://www.cerias.purdue.edu/coast/hotlist/"> | |
528 | COAST hotlist</A></DT> | |
529 | <DD>Computer and network security.</DD> | |
530 | <DT>Peter Gutmann's<A href="http://www.cs.auckland.ac.nz/~pgut001/links.html"> | |
531 | Encryption and Security-related Resources</A></DT> | |
532 | <DD>Cryptography.</DD> | |
533 | </DL> | |
534 | <H4><A name="FAQ">Frequently Asked Question (FAQ) documents</A></H4> | |
535 | <UL> | |
536 | <LI><A href="http://www.faqs.org/faqs/cryptography-faq/">Cryptography | |
537 | FAQ</A></LI> | |
538 | <LI><A href="http://www.interhack.net/pubs/fwfaq">Firewall FAQ</A></LI> | |
539 | <LI><A href="http://www.whitefang.com/sup/secure-faq.html">Secure Unix | |
540 | Programming FAQ</A></LI> | |
541 | <LI>FAQs for specific programs are listed in the<A href="#tools"> tools</A> | |
542 | section below.</LI> | |
543 | </UL> | |
544 | <H4><A name="cryptover">Tutorials</A></H4> | |
545 | <UL> | |
546 | <LI>Gary Kessler's<A href="http://www.garykessler.net/library/crypto.html"> | |
547 | Overview of Cryptography</A></LI> | |
548 | <LI>Terry Ritter's<A href="http://www.ciphersbyritter.com/LEARNING.HTM"> | |
549 | introduction</A></LI> | |
550 | <LI>Peter Gutmann's<A href="http://www.cs.auckland.ac.nz/~pgut001/tutorial/index.html"> | |
551 | cryptography</A> tutorial (500 slides in PDF format)</LI> | |
552 | <LI>Amir Herzberg of IBM's slides for his course<A href="http://www.hrl.il.ibm.com/mpay/course.html"> | |
553 | Introduction to Cryptography and Electronic Commerce</A></LI> | |
554 | <LI>the<A href="http://www.gnupg.org/gph/en/manual/c173.html"> concepts | |
555 | section</A> of the<A href="glossary.html#GPG"> GNU Privacy Guard</A> | |
556 | documentation</LI> | |
557 | <LI>Bruce Schneier's self-study<A href="http://www.counterpane.com/self-study.html"> | |
558 | cryptanalysis</A> course</LI> | |
559 | </UL> | |
560 | <P>See also the<A href="#interesting"> interesting papers</A> section | |
561 | below.</P> | |
562 | <H4><A name="standards">Crypto and security standards</A></H4> | |
563 | <UL> | |
564 | <LI><A href="http://csrc.nist.gov/cc">Common Criteria</A>, new | |
565 | international computer and network security standards to replace the | |
566 | "Rainbow" series</LI> | |
567 | <LI>AES<A href="http://csrc.nist.gov/encryption/aes/aes_home.htm"> | |
568 | Advanced Encryption Standard</A> which will replace DES</LI> | |
569 | <LI><A href="http://grouper.ieee.org/groups/1363">IEEE P-1363 public key | |
570 | standard</A></LI> | |
571 | <LI>our collection of links for the<A href="#ipsec.link"> IPsec</A> | |
572 | standards</LI> | |
573 | <LI>history of<A href="http://www.visi.com/crypto/evalhist/index.html"> | |
574 | formal evaluation</A> of security policies and implementation</LI> | |
575 | </UL> | |
576 | <H4><A name="quotes">Crypto quotes</A></H4> | |
577 | <P>There are several collections of cryptographic quotes on the net:</P> | |
578 | <UL> | |
579 | <LI><A href="http://www.eff.org/pub/EFF/quotes.eff">the EFF</A></LI> | |
580 | <LI><A href="http://www.samsimpson.com/cquotes.php">Sam Simpson</A></LI> | |
581 | <LI><A href="http://www.amk.ca/quotations/cryptography/page-1.html">AM | |
582 | Kuchling</A></LI> | |
583 | </UL> | |
584 | <H3><A name="policy">Cryptography law and policy</A></H3> | |
585 | <H4><A name="legal">Surveys of crypto law</A></H4> | |
586 | <UL> | |
587 | <LI>International survey of<A href="http://cwis.kub.nl/~FRW/PEOPLE/koops/lawsurvy.htm"> | |
588 | crypto law</A>.</LI> | |
589 | <LI>International survey of<A href="http://rechten.kub.nl/simone/ds-lawsu.htm"> | |
590 | digital signature law</A></LI> | |
591 | </UL> | |
592 | <H4><A name="oppose">Organisations opposing crypto restrictions</A></H4> | |
593 | <UL> | |
594 | <LI>The<A href="glossary.html#EFF"> EFF</A>'s archives on<A href="http://www.eff.org/pub/Privacy/"> | |
595 | privacy</A> and<A href="http://www.eff.org/pub/Privacy/ITAR_export/"> | |
596 | export control</A>.</LI> | |
597 | <LI><A href="http://www.gilc.org">Global Internet Liberty Campaign</A></LI> | |
598 | <LI><A href="http://www.cdt.org/crypto">Center for Democracy and | |
599 | Technology</A></LI> | |
600 | <LI><A href="http://www.privacyinternational.org/">Privacy International</A> | |
601 | , who give out<A href="http://www.bigbrotherawards.org/"> Big Brother | |
602 | Awards</A> to snoopy organisations</LI> | |
603 | </UL> | |
604 | <H4><A name="other.policy">Other information on crypto policy</A></H4> | |
605 | <UL> | |
606 | <LI><A href="ftp://ftp.isi.edu/in-notes/rfc1984.txt">RFC 1984</A>, the<A href="glossary.html#IAB"> | |
607 | IAB</A> and<A href="glossary.html#IESG"> IESG</A> Statement on | |
608 | Cryptographic Technology and the Internet.</LI> | |
609 | <LI>John Young's collection of<A href="http://cryptome.org/"> documents</A> | |
610 | of interest to the cryptography, open government and privacy movements, | |
611 | organized chronologically</LI> | |
612 | <LI>AT&T researcher Matt Blaze's Encryption, Privacy and Security<A href="http://www.crypto.com"> | |
613 | Resource Page</A></LI> | |
614 | <LI>A good<A href="http://cryptome.org/crypto97-ne.htm"> overview</A> of | |
615 | the issues from Australia.</LI> | |
616 | </UL> | |
617 | <P>See also our documentation section on the<A href="politics.html"> | |
618 | history and politics</A> of cryptography.</P> | |
619 | <H3><A name="crypto.tech">Cryptography technical information</A></H3> | |
620 | <H4><A name="cryptolinks">Collections of crypto links</A></H4> | |
621 | <UL> | |
622 | <LI><A href="http://www.counterpane.com/hotlist.html">Counterpane</A></LI> | |
623 | <LI><A href="http://www.cs.auckland.ac.nz/~pgut001/links.html">Peter | |
624 | Gutmann's links</A></LI> | |
625 | <LI><A href="http://www.pca.dfn.de/eng/team/ske/pem-dok.html">PKI links</A> | |
626 | </LI> | |
627 | <LI><A href="http://crypto.yashy.com/www/">Robert Guerra's links</A></LI> | |
628 | </UL> | |
629 | <H4><A name="papers">Lists of online cryptography papers</A></H4> | |
630 | <UL> | |
631 | <LI><A href="http://www.counterpane.com/biblio">Counterpane</A></LI> | |
632 | <LI><A href="http://www.cryptography.com/resources/papers"> | |
633 | cryptography.com</A></LI> | |
634 | <LI><A href="http://www.cryptosoft.com/html/secpub.htm">Cryptosoft</A></LI> | |
635 | </UL> | |
636 | <H4><A name="interesting">Particularly interesting papers</A></H4> | |
637 | <P>These papers emphasize important issues around the use of | |
638 | cryptography, and the design and management of secure systems.</P> | |
639 | <UL> | |
640 | <LI><A href="http://www.counterpane.com/keylength.html">Key length | |
641 | requirements for security</A></LI> | |
642 | <LI><A href="http://www.cl.cam.ac.uk/users/rja14/wcf.html">Why | |
643 | Cryptosystems Fail</A></LI> | |
644 | <LI><A href="http://www.cdt.org/crypto/risks98/">Risks of escrowed | |
645 | encryption</A></LI> | |
646 | <LI><A href="http://www.counterpane.com/pitfalls.html">Security pitfalls | |
647 | in cryptography</A></LI> | |
648 | <LI><A href="http://www.acm.org/classics/sep95">Reflections on Trusting | |
649 | Trust</A>, Ken Thompson on Trojan horse design</LI> | |
650 | <LI><A href="http://www.apache-ssl.org/disclosure.pdf">Security against | |
651 | Compelled Disclosure</A>, how to maintain privacy in the face of legal | |
652 | or other coercion</LI> | |
653 | </UL> | |
654 | <H3><A name="compsec">Computer and network security</A></H3> | |
655 | <H4><A name="seclink">Security links</A></H4> | |
656 | <UL> | |
657 | <LI><A href="http://www.cs.purdue.edu/coast/hotlist">COAST Hotlist</A></LI> | |
658 | <LI>DMOZ open directory project<A href="http://dmoz.org/Computers/Security/"> | |
659 | computer security</A> links</LI> | |
660 | <LI><A href="http://www-cse.ucsd.edu/users/bsy/sec.html">Bennet Yee</A></LI> | |
661 | <LI>Mike Fuhr's<A href="http://www.fuhr.org/~mfuhr/computers/security.html"> | |
662 | link collection</A></LI> | |
663 | <LI><A href="http://www.networkintrusion.co.uk/">links</A> with an | |
664 | emphasis on intrusion detection</LI> | |
665 | </UL> | |
666 | <H4><A name="firewall.web">Firewall links</A></H4> | |
667 | <UL> | |
668 | <LI><A href="http://www.cs.purdue.edu/coast/firewalls">COAST firewalls</A> | |
669 | </LI> | |
670 | <LI><A href="http://www.zeuros.co.uk">Firewalls Resource page</A></LI> | |
671 | </UL> | |
672 | <H4><A name="vpn">VPN links</A></H4> | |
673 | <UL> | |
674 | <LI><A href="http://www.vpnc.org">VPN Consortium</A></LI> | |
675 | <LI>First VPN's<A href="http://www.firstvpn.com/research/rhome.html"> | |
676 | white paper</A> collection</LI> | |
677 | </UL> | |
678 | <H4><A name="tools">Security tools</A></H4> | |
679 | <UL> | |
680 | <LI>PGP -- mail encryption | |
681 | <UL> | |
682 | <LI><A href="http://www.pgp.com/">PGP Inc.</A> (part of NAI) for | |
683 | commercial versions</LI> | |
684 | <LI><A href="http://web.mit.edu/network/pgp.html">MIT</A> distributes | |
685 | the NAI product for non-commercial use</LI> | |
686 | <LI><A href="http://www.pgpi.org/">international</A> distribution site</LI> | |
687 | <LI><A href="http://gnupg.org">GNU Privacy Guard (GPG)</A></LI> | |
688 | <LI><A href="http://www.dk.pgp.net/pgpnet/pgp-faq/">PGP FAQ</A></LI> | |
689 | </UL> | |
690 | A message in our mailing list archive has considerable detail on<A href="http://www.sandelman.ottawa.on.ca/linux-ipsec/html/2000/12/msg00029.html"> | |
691 | available versions</A> of PGP and on IPsec support in them. | |
692 | <P><STRONG>Note:</STRONG> A fairly nasty bug exists in all commercial | |
693 | PGP versions from 5.5 through 6.5.3. If you have one of those,<STRONG> | |
694 | upgrade now</STRONG>.</P> | |
695 | </LI> | |
696 | <LI>SSH -- secure remote login | |
697 | <UL> | |
698 | <LI><A href="http://www.ssh.fi">SSH Communications Security</A>, for the | |
699 | original software. It is free for trial, academic and non-commercial | |
700 | use.</LI> | |
701 | <LI><A href="http://www.openssh.com/">OpenSSH</A>, the OpenBSD team's | |
702 | free replacement</LI> | |
703 | <LI><A href="http://www.freessh.org/">freessh.org</A>, links to free | |
704 | implementations for many systems</LI> | |
705 | <LI><A href="http://www.uni-karlsruhe.de/~ig25/ssh-faq">SSH FAQ</A></LI> | |
706 | <LI><A href="http://www.chiark.greenend.org.uk/~sgtatham/putty/">Putty</A> | |
707 | , an SSH client for Windows</LI> | |
708 | </UL> | |
709 | </LI> | |
710 | <LI>Tripwire saves message digests of your system files. Re-calculate | |
711 | the digests and compare to saved values to detect any file changes. | |
712 | There are several versions available: | |
713 | <UL> | |
714 | <LI><A href="http://www.tripwiresecurity.com/">commercial version</A></LI> | |
715 | <LI><A href="http://www.tripwire.org/">Open Source</A></LI> | |
716 | </UL> | |
717 | </LI> | |
718 | <LI><A href="http://www.snort.org">Snort</A> and<A href="http://www.lids.org"> | |
719 | LIDS</A> are intrusion detection systems for Linux</LI> | |
720 | <LI><A href="http://www.fish.com/~zen/satan/satan.html">SATAN</A> System | |
721 | Administrators Tool for Analysing Networks</LI> | |
722 | <LI><A href="http://www.insecure.org/nmap/">NMAP</A> Network Mapper</LI> | |
723 | <LI><A href="ftp://ftp.porcupine.org/pub/security/index.html">Wietse | |
724 | Venema's page</A> with various tools</LI> | |
725 | <LI><A href="http://ita.ee.lbl.gov/index.html">Internet Traffic Archive</A> | |
726 | , various tools to analyze network traffic, mostly scripts to organise | |
727 | and format tcpdump(8) output for specific purposes</LI> | |
728 | <LI><A name="ssmail">ssmail -- sendmail patched to do</A><A href="glossary.html#carpediem"> | |
729 | opportunistic encryption</A> | |
730 | <UL> | |
731 | <LI><A href="http://www.home.aone.net.au/qualcomm/">web page</A> with | |
732 | links to code and to a Usenix paper describing it, in PDF</LI> | |
733 | </UL> | |
734 | </LI> | |
735 | <LI><A href="http://www.openca.org/">Open CA</A> project to develop a | |
736 | freely distributed<A href="glossary.html#CA"> Certification Authority</A> | |
737 | for building an open<A href="glossary.html#PKI"> Public Key | |
738 | Infrastructure</A>.</LI> | |
739 | </UL> | |
740 | <H3><A name="people">Links to home pages</A></H3> | |
741 | <P>David Wagner at Berkeley provides a set of links to<A href="http://www.cs.berkeley.edu/~daw/people/crypto.html"> | |
742 | home pages</A> of cryptographers, cypherpunks and computer security | |
743 | people.</P> | |
744 | <HR> | |
745 | <A HREF="toc.html">Contents</A> | |
746 | <A HREF="mail.html">Previous</A> | |
747 | <A HREF="glossary.html">Next</A> | |
748 | </BODY> | |
749 | </HTML> |