IP Security and Telephony Open Source Applications for Arlinx IP Platforms
Ideal IP Telephony Platform for the following:
All Linux IP Telephony and IP Communications Software
Open Source or Commercial
IP-PBX
VoIP Firewall
VoIP Vulnerability Test Generator
Session Border Controller
SIP Proxy Server
SIP Registrar Server
SIP Location Server
VoIP Gateway
VoIP VPN
Router
VoIP Packet Filter
VoIP Traffic Shaping
QoS Monitor
IP Telephony Open Source
vpbx, a Virtual PBX system integrating Asterisk & ASTARA API with Erlang Softswitch & a Voice Call Continuance server for secure scalable VPBX services for UMA,GSM & SS7 on Linux 2.6.18+.
Asterisk, a VoIP PBX
SIPx, a VoIP PBX
OpenPBX a VoIP PBX
FreeSWITCH a VoIP PBX
AstLinux, a Linux distribution centered around Asterisk
Trixbox a Linux distribution centered around Asterisk
AsteriskNOW, a Linux distribution centered around Asterisk
OpenH323, tools for developing H.323 servers and endpoints, gateway server, conference bridge server, softphone
Bayonne a telephony application server, IVR, PBX
YATE a telephony engine, VoIP server, VoIP client, VoIP to PSTN gateway, H.323 gatekeeper, H.323 multiple endpoint server, H.323<->SIP Proxy, SIP session border controller, SIP router, SIP registration server, IAX server and/or client, IP Telephony server and/or client, IVR engine, Prepaid and/or postpaid cards system
SIP Express Router (SER), SIP registrar, proxy or redirect server
OpenSER a SIP proxy server, SIP registrar server, SIP location server, SIP application server, SIP dispatcher server
OpenSBC SIP proxy server, SIP Proxy server, SIP Registrar server
OpenSIPStack Library, a fully compliant interface to the SIP protocol with scalability
Mobicents, SLEE SIP Application Server, NGIN convergence of voice, video and data
AstShape, Routing, filtering and traffic shaping, for monitoring and maintaining QoS
myshaper, predecessor to AstShape
Wonder Shaper, predecessor to myshaper
AMP a web-based administrative interface to Asterisk
1VideoConverence, a audio-video conference call software for Asterisk with support for Web, phone, MSN, Skype, Yahoo, and Jabber clients.
SoX, a command line utility that can convert various formats of audio files in to other formats. Can be used to create voicemail prompts and record VoIP calls.
Festival, speech synthesis, make an IP-PBX talk.
SpanDSP, media processing library for DTMF detection, transmit and receive faxes.
SIP Proxy VoIP Security Test Tool, eavesdrop and manipulate SIP traffic, predefined security test cases can be executed to find weak spots in VoIP devices. Security analysts can add and execute custom test cases
SIPp, a test tool and traffic generator for SIP
sipsak, command line tool used for some simple tests on SIP applications and devices
PROTOS Test-Suite: c07-sip, a SIP test-suite
PJSIP, a SIP stack
Open SIP Stack, a SIP stack
oSIP, a SIP stack
Security
The Linux Platform is very well suited for Security Applications. It has an
encryption accelerator and certifed cryptographic storage.
Ideal IP Security Platform for the following:
All Linux Security Software, Open Source or Commercial
The Linux Platform is very well suited for Security Applications with its
certifed cryptographic storage. Certifed by Master Card Visa, EuroPay and HBCI
Home Banking. Very secure storage for digital and autentication certificates
and private encryption keys.
FreeRADIUS, a RADIUS AAA server for Authentication, Authorization, and Accounting (AAA) protocol
EAP-TLS, uses PKI to secure communication to the RADIUS authentication server
Kerberos, a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
pam_krb5, integrates Kerberos 5 password checking with applications built using PAM, supports session-specific ticket files, Kerberos IV ticket file grabbing, and AFS token-grabbing.
minos php authentication server, secure authentication server
Smart Sign, a set of modules that enable the use of SmartCard based authentication & digital signature security services. It also interact with the OpenCA project to provide a SmartCard-based PKI.
WiKID Strong Authentication System, is a key-based two-factor authentication system.
NuFW, Authenticate any connection that goes through your gateway, accounting, routing and quality of service
pam_radius, a PAM module to authenticate local users to a RADIUS server
pam_radius_auth, a RADIUS client for authentication and accounting requests
pam_abl, PAM module that provides auto blacklisting of hosts and users responsible for repeated failed authentication attempts
pam_passwdqc, a simple password strength checking module for PAM-aware password changing programs
mod_auth_radius, The RADIUS authentication module for the Apache web server
pam_krb5, integrates Kerberos 5 password checking with applications built using PAM, supports session-specific ticket files, Kerberos IV ticket file grabbing, and AFS token-grabbing.
mod_auth_sspi, Apache2 SSPI authentication module which let Apache2 users authenticate against Win32 domains
mod_auth_shadow, an Apache module for authentication using /etc/shadow
mod_auth_samba, Apache authentication module, which allows you to use username/passwords from your Windows NT workgroups in your UNIX based Apache web servers.
mod_auth_script, Apache module makes it possible authentication/authorization to be done by an external program. The external program can be provided as a CGI, PHP or any other schemes which allow dynamic content to Apache
PAM X509, Pluggable Authentication Module, PAM module which will authenticate user by X.509 certificates
pam_mount module, a Pluggable Authentication Module that can mount volumes for a user session, tmpfs, FUSE, smbfs, cryptoloop, LUKS mounts
pam_usb, a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.
NTLM auth module for Apache/Unix, an authentication method used by Microsoft IIS and Internet Explorer. This modules is implementing NTLM for Apache 1.3.9 and Apache 2.0.
Router
Vyatta, commercially supported, open-source router, firewall and VPN (based on xorp)
Vyatta, commercially supported, open-source router, firewall and VPN (based on xorp)
Endian Firewall, a linux security distribution, firewall, e-mail virus & spam filter, web filter, VPN
Zorp GPL, a transparent proxy firewall, with strict protocol analyzing proxies, a modular architecture,
yxorp, is a reverse proxy and application level firewall for the HTTP protocol
fwknop, firewall authorization server passively monitors SPA authorization packets
VPN
The Linux Platform is very well suited for VPN Applications. It has an
encryption accelerator and certifed cryptographic storage.
Vyatta, commercially supported, open-source router, firewall and VPN (based on xorp)
OpenVPN is a full-featured SSL VPN solution which can accommodate a wide range of configurations
AmritaVPN (amvpn),a virtual private networking tool that allows two private IP networks to be seamlessly connected together through a public network such as the Internet. Uses SSL for strong encryption and authentication.
GVPE, a secure vpn network among multiple nodes over an untrusted network.
tinc, is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet.
Intrusion Detection Prevention and Assessment
TIGER, security auditing and real-time, host-based intrusion detection
Snort is a network intrusion detection system that performs real-time traffic analysis and packet logging on IP networks.
Nessus, a vulnerability assessment scanner
Firestorm, is a high performance network intrusion detection system
The Virtual eXecuting Environment (VXE) protects a server proactively and lets you prevent intrusions rather than just report them.
Netcat, a network debugging and exploration tool
OSSEC, a Host-based Intrusion Detection System
Nmap, a utility for network exploration or security auditing.
sshdfilter, blocks ssh brute force attacks
APSR, test firewalls, routing, and security.
P0f, passive OS fingerprinting tool profiling information about your users, customers or attackers
Pads, used for service anomaly detection.
WormScan, reports attempted attacks on your Apache Web server.
IP Sentinel, a tool that prevents unauthorized usage of IP addresses within an ethernet broadcast domain.
Tcptrack, packet sniffer that passively watches for connections on a specified network interface, tracks their states, and lists them.
Spade, the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signature.
Ntop, a network traffic probe that shows the network usage which builds network information database to detect aberrant behavior anomaly detection.
Nagios, a host and service monitor designed to inform you of network problems before your clients, end-users or managers do.
Osiris, a Host Integrity Monitoring System.
Filters
IPCop, a Linux Firewall Distribution based on netfilter
Netfilter, Internet firewall based on stateless and stateful packet filtering, build sophisticated QoS and policy routers, network address and port translation
Encryption
The Linux Platform is very well suited for Encryption Applications with its
encryption accelerator.
OpenSSL, Project a robust, commercial-grade, fully featured toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) and cryptography library.
Crypto++, C++ library for cryptography: includes ciphers, message authentication codes, one-way hash functions, public-key cryptosystems, and key agreement schemes
BeeCrypt Cryptography Library, cryptography toolkit, Includes entropy sources, random generators, block ciphers, hash functions, message authentication codes, multiprecision integer routines, and public key primitives.
Kasai, a Java based authentication and authorization framework
curlpp, a C++ wrapper for libcurl, a free and easy-to-use client-side URL transfer library, supporting FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. libcurl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, kerberos, HTTP
LibPKI, PKI library for PKI enabled application development, implement complex cryptographic operations with a few simple function calls by implementing an high-level cryptographic API
libsrtp, a library implementing Secure RTP, the Secure Real-time Transport Protocol. RTP is used for Voice over IP (VoIP) as well as audio and video streaming; SRTP adds confidentiality and authentication.
DTLS Application pack, DTLS client and DTLS server to show how to send UDP data over an encrypted channel using OpenSSL DTLSv1
Zebedee, establishes an encrypted, compressed tunnel for TCP/IP or UDP data transfer between two systems.
ipsec-tools for various IPsec implementations.
SSHD Library (libsshd), enables server programs to easily integrate full SSH1 / SSH2 protocol authentication and support natively, built on top of existing and proven OpenSSH technology.
Misc
cvsauth, an authentication daemon for the CVS pserver method.
JOSSO Java Open Single Sign-On, a J2EE-based SSO infrastructure aimed to provide a solution for centralized platform neutral user authentication and authorization.
FreeNAS, Network Attached Storage server supporting: CIFS (samba), FTP, NFS, RSYNC, SSH, AFP, Unison, UPnP protocols, local and MS Domain authentication, Software RAID (0,1,5)
Authoxy, a reverse-proxy allowing authentication to Apache restricted directories via a HTML FORM instead of a pop-up
Just For Fun Network Management System, Network Management System Is SNMP-Standard Oriented (tested on Cisco and Linux). It Integrates Syslog, Tacacs, RRDtool (Performance Graphs), Maps, Traps, TFTP, Autodiscovery, Sound Alerts, AAA
Arpwatch, used for mac anomaly detection.
Doorman, port knocker, allows a server to run silently, invisibly, with all TCP ports closed. Watches for "knock" as an encrypted UDP packet "key" to open the port.
fwknop, Single Packet Authorization (SPA), improved port knocker
SILC, provides secure conferencing services. Strong cryptographic methods are used to secure all traffic, and all messages are encrypted and authenticated.
gnoMint, a tool for easily creating and managing certification authorities.
grsecurity, an innovative approach to security utilizing a multi-layered detection, prevention, and containment model.
oftpd, is designed to be as secure as an anonymous FTP server
Yafc Yet Another FTP Client, support for Kerberos 4/5 authentication and sftp (ssh2)
Trent, a system designed to handle being a modular authentication server system for a wide variety of resource-managers
KINEC, a client/server chat program designed to keep you secure. It uses strong algorithms for encryption and authentication and will not compromise security.
Muzzle Instant Messenger, xml based instant messenging protocol as well as multi platform clients. The project also emphasises on integrating strong cryptography.
PSST, a peer to peer voice/text chat program for Windows and Linux that utilises strong encryption to protect the privacy of communication between users.
free chat-server, chatserver written in Java, Authentication over sql-databases
FSFS, a secure distributed file system in user space built over FUSE and OpenSSL
CrossFTP Server is a professional FTP Server for multiple platforms.
Whitebeam, XML/XPath based secure application framework.
Passenger, a secure POP/IMAP proxy(gateway) server.
PIPE, an encrypted chat client/server pair using 1024 bit RSA encryption to establish 256 bit AES encrypted sessions
fwsecvpop3d, a secure, fast pop3 server.
RH Email Server, an email server in a box. Using ldap authentication for imap, pop3, smtp, and SSL/TLS versions of each
IKECrack, an IKE/IPSec crack tool designed to perform Pre-Shared-Key [password] analysis of RFC compliant aggressive mode authentication.
Scapy, an interactive packet manipulation program.
Antinat, a SOCKS server and client library for writing proxy-based applications. It supports SOCKS 4, SOCKS 5, authentication, CHAP, XML firewalling, Win32, server chaining, and UDP
