

Linux IP Appliance

Best of Show Security and Encryption
Arlinx IP Platform wins top honor at the 2007 Internet Telephony Conference and Expo
Editors' Choice Best of Show Award.
(Best of the Best of Show)



Arlinx IP Security Platform
Strong Authentication,
Accelerated Encryption,
Certified Cryptographic Storage

Uses 98% Less Electricity (6 Watts vs. 300 Watts)
RoHS Compliant, No Battery, Long Life Cycle, Recyclable, Environmentally Benign Manufacturing,
Best Performance per Watt in the Industry

Taking a leap beyond the typical security appliance, the Arlinx IP Security Platform takes the additional steps to keep your network secure. Arlinx has added hardware accelerated encryption and an ultra secure certified cryptographic storage module to store OEM codes, encryption keys, and authentication certificates. Two GigE ports with two fiber-optic and two copper connectors, no moving parts, 20 year MTBF, amazing performance per watt. CPU executes over 1.3 Billion Instructions per Second at 6 Watts. Encryption Accelerator runs in parallel with the CPU and does not use any CPU cycles for encryption/decryption.

The Arlinx Security Platform is built on the technologically advanced IP Elite Platform and has all its sophisticated features. For more on the Arlinx IP Platform click "Products" above.

Ideal Platform for the following:

Product Description

Arlinx specializes in open and energy efficient (6 Watt) application specific Linux platforms as an alternative to a 500 Watt x86 machine. By providing an application specific platform we can provide integrators with a very efficient Security Platform. We use IBM's IP optimized Power Architecture System on a Chip (SoC) with an on-chip IPSec/SSL hardware accelerator. SafeNet, Inc. claims the integrated crypto accelerator can sustain 600 Mbs Encryption/Decryption throughput with their IPSec/SSL stack. We have an on board crypto security storage module and micro-controller certified by MC/Visa, EuroPay, and HBCI.

Encryption and decryption on this platform are much more secure than on an x86 machine with crypto storage added. All communications between the module and the processor are encrypted. Encryption/Decryption is done within the 16KB SRAM within the SoC processor. The encryption process is never exposed to the outside world. With an x86 solution, an In-Circuit-Emulator or Logic Analyzer can be connected to the circuitry to monitor and reverse engineer the encryption process.

The crypto storage is used to store subscriber ID, authentication certificates, encryption keys, and OEM authorization codes. Max crypto storage today is 1GB and is expected to reach 4 GB this year with internal EEPROM, NOR Flash, or NAND Flash.

Our platform motherboard is a mini-ITX form factor (6.7"x6.7") and is powered by a single 5VDC source requiring only 6 Watts of power. Our 1U chassis has dual 5VDC power supplies and will accommodate 2 full length PCI cards. The on board DC-DC converters operate with an efficiency of 90-95%. The energy efficiency produces little heat, increasing system reliability and greatly increasing product life cycle, with an MTBF exceeding 20 years. No fans or moving parts, for silent and maintenance free operation.

Our Remote Management features the ability to reliably upgrade the Operating System without error even in the event of power or communications failures. The platform contains no proprietary hardware or software with open source and open hardware APIs and SDKs. This open environment allows seamless integration with maintenance procedures and policies of other network devices and IP servers and systems.

The Power Architecture SoC has 2 integrated GigE controllers, an integrated 64 bit DDR2 controller with ECC supporting 1GB on board low voltage DDR2 RAM at a data rate of 333 MHz, an integrated NOR flash controller supporting up to 512MB on board NOR Flash, and an on board controller for CompactFlash in place of a hard drive, greatly reducing access time and increasing throughput while increasing reliability and energy efficiency. An excellent alternate storage option is Network Attached Storage. With two GigE ports and the Ethernet controllers being integrated into the IP Optimized SoC, data transfer rates can exceed any Hard Drive option.

The board will boot from the NOR flash requiring less than 8MB for U-Boot and Kbuntu embedded Linux, leaving plenty of storage for web server, application software, and data in addition to the CompactFlash.

Our platform supports the 2 GigE ports with 2 fiber-optic and 2 copper connectors; the customer chooses which 2 of the 4 connectors to use. For expansion there is a PCI expansion connector, 4 High Speed (480 Mbs) USB 2.0 ports, and a local bus expansion connector for customized applications.

More government agencies and enterprises are implementing formal green technology policies that require energy efficient computing devices and make energy efficiency a major criterion in the procurement process. These green policies will favor products built on the Arlinx platform, helping integrators and resellers win more bids without reducing profit margins. With longer product life cycle, reduced maintenance cost, high reliability that reduces the need for redundancy and over provisioning, and with a 90-95% reduction in energy costs, the Arlinx platform can demonstrate an incredible ROI. Our platform can save over $12,000 over 5 years just in savings from electricity, air conditioning, and battery backup. Further cost savings can be realized from not having to use expensive cooled server cabinets.

Open Source

Authentication

  • FreeRADIUS, a RADIUS server for the Authentication, Authorization, and Accounting (AAA) protocol
  • OpenRADIUS, a RADIUS AAA server
  • Open Diameter, the proposed successor to RADIUS
  • Apache RADIUS AAA module, Radius client implementation for Apache to allow basic authentication and authorization through RADIUS protocol.
  • Radiusclient, FreeRADIUS Client, a framework and library for writing RADIUS Clients
  • radiusclient-ng, library support for RADIUS
  • Open1x, is an implementation of the IEEE 802.1X protocol, support for the authenticator and supplicant
  • EAP-IKEv2, an Extensible Authentication Protocol (EAP) authentication method based on the Internet Key Exchange Protocol version 2 (IKEv2)
  • PEAP, Protected Extensible Authentication Protocol, a method to securely transmit authentication information, including passwords, over wired or wireless networks
  • EAP-TLS, uses PKI to secure communication to the RADIUS authentication server
  • Kerberos, a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
  • Kerberos Module For Apache, provides Kerberos user authentication to the Apache web server.
  • pam_krb5, integrates Kerberos 5 password checking with applications built using PAM, supports session-specific ticket files, Kerberos IV ticket file grabbing, and AFS token-grabbing.
  • OpenLDAP, Lightweight Directory Access Protocol.
  • LDAP Application Authentication, an application authentication/authorization mechanism (similar to RSA's ClearTrust) based on LDAP
  • OpenCA PKI, Certification Authority implementing the most used protocols with full-strength cryptography world-wide
  • OpenCA OCSPD, an RFC2560 compliant OCSPD responder
  • minos php authentication server, secure authentication server
  • Smart Sign, a set of modules that enable the use of SmartCard based authentication & digital signature security services. It also interacts with the OpenCA project to provide a SmartCard-based PKI.
  • WiKID Strong Authentication System, is a key-based two-factor authentication system.
  • NuFW, Authenticate any connection that goes through your gateway, accounting, routing and quality of service

PAM Pluggable Auth Modules

  • pam_radius, a PAM module to authenticate local users to a RADIUS server
  • pam_radius_auth, a RADIUS client for authentication and accounting requests
  • pam_abl, PAM module that provides auto blacklisting of hosts and users responsible for repeated failed authentication attempts
  • pam_passwdqc, a simple password strength checking module for PAM-aware password changing programs
  • mod_auth_radius, The RADIUS authentication module for the Apache web server
  • pam_krb5, integrates Kerberos 5 password checking with applications built using PAM, supports session-specific ticket files, Kerberos IV ticket file grabbing, and AFS token-grabbing.
  • mod_auth_sspi, Apache2 SSPI authentication module which lets Apache2 users authenticate against Win32 domains
  • mod_auth_shadow, an Apache module for authentication using /etc/shadow
  • mod_auth_samba, Apache authentication module, which allows you to use username/passwords from your Windows NT workgroups in your UNIX based Apache web servers.
  • mod_auth_script, Apache module that makes it possible for authentication/authorization to be done by an external program. The external program can be provided as a CGI, PHP or any other scheme which allows dynamic content in Apache
  • PAM X509, Pluggable Authentication Module, PAM module which will authenticate user by X.509 certificates
  • pam_mount module, a Pluggable Authentication Module that can mount volumes for a user session, tmpfs, FUSE, smbfs, cryptoloop, LUKS mounts
  • pam_usb, a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.
  • NTLM auth module for Apache/Unix, an authentication method used by Microsoft IIS and Internet Explorer. This module implements NTLM for Apache 1.3.9 and Apache 2.0.

Router

  • Vyatta, commercially supported, open-source router and firewall (based on xorp)
  • XORP is the eXtensible Open Router Platform
  • Scalable SIP server, SIP registrar/proxy/router/application server, TLS secure communication, AAA, ENUM, LCR, load balancing, NAT traversal, OSP, CPL, SNMP, IM&Presence, DNS failover.

Firewall

  • Endian Firewall, a linux security distribution, firewall, e-mail virus & spam filter, web filter, VPN
  • Zorp GPL, a transparent proxy firewall with strict protocol analyzing proxies and a modular architecture
  • yxorp, a reverse proxy and application level firewall for the HTTP protocol
  • fwknop, firewall authorization server passively monitors SPA authorization packets

VPN

  • OpenVPN is a full-featured SSL VPN solution which can accommodate a wide range of configurations
  • AmritaVPN (amvpn), a virtual private networking tool that allows two private IP networks to be seamlessly connected together through a public network such as the Internet. Uses SSL for strong encryption and authentication.
  • GVPE, a secure vpn network among multiple nodes over an untrusted network.
  • tinc, is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet.

Intrusion Detection Prevention and Assessment

  • TIGER, security auditing and real-time, host-based intrusion detection
  • Snort is a network intrusion detection system that performs real-time traffic analysis and packet logging on IP networks.
  • Nessus, a vulnerability assessment scanner
  • Firestorm, is a high performance network intrusion detection system
  • The Virtual eXecuting Environment (VXE) protects a server proactively and lets you prevent intrusions rather than just report them.
  • Netcat, a network debugging and exploration tool
  • OSSEC, a Host-based Intrusion Detection System
  • Nmap, a utility for network exploration or security auditing.
  • sshdfilter, blocks ssh brute force attacks
  • APSR, test firewalls, routing, and security.
  • P0f, passive OS fingerprinting tool profiling information about your users, customers or attackers
  • Pads, used for service anomaly detection.
  • WormScan, reports attempted attacks on your Apache Web server.
  • IP Sentinel, a tool that prevents unauthorized usage of IP addresses within an ethernet broadcast domain.
  • Tcptrack, packet sniffer that passively watches for connections on a specified network interface, tracks their states, and lists them.
  • Spade, the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signatures.
  • Ntop, a network traffic probe that shows network usage and builds a network information database for detecting aberrant behavior (anomaly detection).
  • Nagios, a host and service monitor designed to inform you of network problems before your clients, end-users or managers do.
  • Osiris, a Host Integrity Monitoring System.

Filters

  • IPCop, a Linux Firewall Distribution based on netfilter
  • Netfilter, Internet firewall based on stateless and stateful packet filtering, build sophisticated QoS and policy routers, network address and port translation

Encryption

  • OpenSSL Project, a robust, commercial-grade, fully featured toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, and a cryptography library.
  • Crypto++, C++ library for cryptography: includes ciphers, message authentication codes, one-way hash functions, public-key cryptosystems, and key agreement schemes
  • BeeCrypt Cryptography Library, cryptography toolkit, Includes entropy sources, random generators, block ciphers, hash functions, message authentication codes, multiprecision integer routines, and public key primitives.
  • Kasai, a Java based authentication and authorization framework
  • curlpp, a C++ wrapper for libcurl, a free and easy-to-use client-side URL transfer library, supporting FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. libcurl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, kerberos, HTTP
  • LibPKI, PKI library for PKI enabled application development; implement complex cryptographic operations with a few simple function calls through a high-level cryptographic API
  • libsrtp, a library implementing Secure RTP, the Secure Real-time Transport Protocol. RTP is used for Voice over IP (VoIP) as well as audio and video streaming; SRTP adds confidentiality and authentication.
  • DTLS Application pack, DTLS client and DTLS server to show how to send UDP data over an encrypted channel using OpenSSL DTLSv1
  • Zebedee, establishes an encrypted, compressed tunnel for TCP/IP or UDP data transfer between two systems.
  • ipsec-tools for various IPsec implementations.
  • SSHD Library (libsshd), enables server programs to easily integrate full SSH1 / SSH2 protocol authentication and support natively, built on top of existing and proven OpenSSH technology.

Misc

  • cvsauth, an authentication daemon for the CVS pserver method.
  • JOSSO Java Open Single Sign-On, a J2EE-based SSO infrastructure aimed to provide a solution for centralized platform neutral user authentication and authorization.
  • FreeNAS, Network Attached Storage server supporting: CIFS (samba), FTP, NFS, RSYNC, SSH, AFP, Unison, UPnP protocols, local and MS Domain authentication, Software RAID (0,1,5)
  • Authoxy, a reverse-proxy allowing authentication to Apache restricted directories via a HTML FORM instead of a pop-up
  • Just For Fun Network Management System, Network Management System Is SNMP-Standard Oriented (tested on Cisco and Linux). It Integrates Syslog, Tacacs, RRDtool (Performance Graphs), Maps, Traps, TFTP, Autodiscovery, Sound Alerts, AAA
  • Arpwatch, used for MAC anomaly detection.
  • Doorman, port knocker, allows a server to run silently, invisibly, with all TCP ports closed. Watches for "knock" as an encrypted UDP packet "key" to open the port.
  • fwknop, Single Packet Authorization (SPA), improved port knocker
  • SILC, provides secure conferencing services. Strong cryptographic methods are used to secure all traffic, and all messages are encrypted and authenticated.
  • gnoMint, a tool for easily creating and managing certification authorities.
  • grsecurity, an innovative approach to security utilizing a multi-layered detection, prevention, and containment model.
  • oftpd, is designed to be as secure as an anonymous FTP server
  • Yafc Yet Another FTP Client, support for Kerberos 4/5 authentication and sftp (ssh2)
  • Trent, a system designed to handle being a modular authentication server system for a wide variety of resource-managers
  • KINEC, a client/server chat program designed to keep you secure. It uses strong algorithms for encryption and authentication and will not compromise security.
  • Muzzle Instant Messenger, XML based instant messaging protocol as well as multi platform clients. The project also emphasises integrating strong cryptography.
  • PSST, a peer to peer voice/text chat program for Windows and Linux that utilises strong encryption to protect the privacy of communication between users.
  • free chat-server, chatserver written in Java, Authentication over sql-databases
  • FSFS, a secure distributed file system in user space built over FUSE and OpenSSL
  • CrossFTP Server is a professional FTP Server for multiple platforms.
  • Whitebeam, XML/XPath based secure application framework.
  • Passenger, a secure POP/IMAP proxy(gateway) server.
  • PIPE, an encrypted chat client/server pair using 1024 bit RSA encryption to establish 256 bit AES encrypted sessions
  • fwsecvpop3d, a secure, fast pop3 server.
  • RH Email Server, an email server in a box. Using ldap authentication for imap, pop3, smtp, and SSL/TLS versions of each
  • IKECrack, an IKE/IPSec crack tool designed to perform Pre-Shared-Key [password] analysis of RFC compliant aggressive mode authentication.
  • Scapy, an interactive packet manipulation program.
  • Antinat, a SOCKS server and client library for writing proxy-based applications. It supports SOCKS 4, SOCKS 5, authentication, CHAP, XML firewalling, Win32, server chaining, and UDP