Linux IP Appliance



IP Security and Telephony Open Source Applications for Arlinx IP Platforms

Ideal IP Telephony Platform for the following:

  • All Linux IP Telephony and IP Communications Software
    • Open Source or Commercial
  • IP-PBX
  • VoIP Firewall
  • VoIP Vulnerability Test Generator
  • Session Border Controller
  • SIP Proxy Server
  • SIP Registrar Server
  • SIP Location Server
  • VoIP Gateway
  • VoIP VPN
  • Router
  • VoIP Packet Filter
  • VoIP Traffic Shaping
  • QoS Monitor

IP Telephony Open Source

  • vpbx, a Virtual PBX system integrating Asterisk & ASTARA API with Erlang Softswitch & a Voice Call Continuance server for secure, scalable VPBX services for UMA, GSM & SS7 on Linux 2.6.18+.
  • Asterisk, a VoIP PBX
  • SIPx, a VoIP PBX
  • OpenPBX, a VoIP PBX
  • FreeSWITCH, a VoIP PBX
  • AstLinux, a Linux distribution centered around Asterisk
  • Trixbox, a Linux distribution centered around Asterisk
  • AsteriskNOW, a Linux distribution centered around Asterisk
  • OpenH323, tools for developing H.323 servers and endpoints, gateway server, conference bridge server, softphone
  • Bayonne, a telephony application server, IVR, PBX
  • YATE, a telephony engine, VoIP server, VoIP client, VoIP to PSTN gateway, H.323 gatekeeper, H.323 multiple endpoint server, H.323<->SIP Proxy, SIP session border controller, SIP router, SIP registration server, IAX server and/or client, IP Telephony server and/or client, IVR engine, Prepaid and/or postpaid cards system
  • SIP Express Router (SER), SIP registrar, proxy or redirect server
  • OpenSER, a SIP proxy server, SIP registrar server, SIP location server, SIP application server, SIP dispatcher server
  • OpenSBC, SIP proxy server, SIP Proxy server, SIP Registrar server
  • OpenSIPStack Library, a fully compliant interface to the SIP protocol with scalability
  • Mobicents, SLEE SIP Application Server, NGIN convergence of voice, video and data
  • Siproxd, a proxy/masquerading daemon for SIP
  • Scalable SIP server, VoIP SIP registrar/proxy/router/application server, TLS secure communication, AAA, ENUM, LCR, load balancing, NAT traversal, OSP, CPL, SNMP, IM&Presence, DNS failover
  • AstShape, Routing, filtering and traffic shaping, for monitoring and maintaining QoS
  • myshaper, predecessor to AstShape
  • Wonder Shaper, predecessor to myshaper
  • AMP, a web-based administrative interface to Asterisk
  • 1VideoConference, an audio-video conference call software for Asterisk with support for Web, phone, MSN, Skype, Yahoo, and Jabber clients.
  • SoX, a command line utility that can convert various formats of audio files into other formats. Can be used to create voicemail prompts and record VoIP calls.
  • Festival, speech synthesis, make an IP-PBX talk.
  • SpanDSP, media processing library for DTMF detection, transmit and receive faxes.
  • SIP Proxy VoIP Security Test Tool, eavesdrop and manipulate SIP traffic, predefined security test cases can be executed to find weak spots in VoIP devices. Security analysts can add and execute custom test cases
  • SIPp, a test tool and traffic generator for SIP
  • sipsak, command line tool used for some simple tests on SIP applications and devices
  • PROTOS Test-Suite: c07-sip, a SIP test-suite
  • PJSIP, a SIP stack
  • Open SIP Stack, a SIP stack
  • oSIP, a SIP stack

Security

The Linux Platform is very well suited for Security Applications. It has an encryption accelerator and certified cryptographic storage.

Ideal IP Security Platform for the following:

Security Open Source

Authentication

The Linux Platform is very well suited for Security Applications with its certified cryptographic storage. Certified by Master Card, Visa, EuroPay and HBCI Home Banking. Very secure storage for digital and authentication certificates and private encryption keys.
  • FreeRADIUS, a RADIUS AAA server for Authentication, Authorization, and Accounting (AAA) protocol
  • OpenRADIUS, a RADIUS AAA server
  • Open Diameter, the proposed successor of RADIUS.
  • Apache RADIUS AAA module, Radius client implementation for Apache to allow basic authentication and authorization through RADIUS protocol.
  • Radiusclient, FreeRADIUS Client, a framework and library for writing RADIUS Clients
  • radiusclient-ng, library support for RADIUS
  • Open1x, an implementation of the IEEE 802.1X protocol, support for the authenticator and supplicant
  • EAP-IKEv2, an Extensible Authentication Protocol (EAP) authentication method based on the Internet Key Exchange Protocol version 2 (IKEv2)
  • PEAP, Protected Extensible Authentication Protocol, a method to securely transmit authentication information, including passwords, over wired or wireless networks
  • EAP-TLS, uses PKI to secure communication to the RADIUS authentication server
  • Kerberos, a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
  • Kerberos Module For Apache, provides Kerberos user authentication to the Apache web server.
  • pam_krb5, integrates Kerberos 5 password checking with applications built using PAM, supports session-specific ticket files, Kerberos IV ticket file grabbing, and AFS token-grabbing.
  • OpenLDAP, Lightweight Directory Access Protocol.
  • LDAP Application Authentication, an application authentication/authorization mechanism (similar to RSA's ClearTrust) based on LDAP
  • OpenCA PKI, Certification Authority implementing the most used protocols with full-strength cryptography world-wide
  • OpenCA OCSPD, an RFC2560 compliant OCSPD responder
  • minos php authentication server, secure authentication server
  • Smart Sign, a set of modules that enable the use of SmartCard based authentication & digital signature security services. It also interacts with the OpenCA project to provide a SmartCard-based PKI.
  • WiKID Strong Authentication System, is a key-based two-factor authentication system.
  • NuFW, Authenticate any connection that goes through your gateway, accounting, routing and quality of service

PAM Pluggable Auth Modules

  • pam_radius, a PAM module to authenticate local users to a RADIUS server
  • pam_radius_auth, a RADIUS client for authentication and accounting requests
  • pam_abl, PAM module that provides auto blacklisting of hosts and users responsible for repeated failed authentication attempts
  • pam_passwdqc, a simple password strength checking module for PAM-aware password changing programs
  • mod_auth_radius, The RADIUS authentication module for the Apache web server
  • pam_krb5, integrates Kerberos 5 password checking with applications built using PAM, supports session-specific ticket files, Kerberos IV ticket file grabbing, and AFS token-grabbing.
  • mod_auth_sspi, Apache2 SSPI authentication module which let Apache2 users authenticate against Win32 domains
  • mod_auth_shadow, an Apache module for authentication using /etc/shadow
  • mod_auth_samba, Apache authentication module, which allows you to use username/passwords from your Windows NT workgroups in your UNIX based Apache web servers.
  • mod_auth_script, Apache module makes it possible authentication/authorization to be done by an external program. The external program can be provided as a CGI, PHP or any other schemes which allow dynamic content to Apache
  • PAM X509, Pluggable Authentication Module, PAM module which will authenticate user by X.509 certificates
  • pam_mount module, a Pluggable Authentication Module that can mount volumes for a user session, tmpfs, FUSE, smbfs, cryptoloop, LUKS mounts
  • pam_usb, a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.
  • NTLM auth module for Apache/Unix, an authentication method used by Microsoft IIS and Internet Explorer. This module implements NTLM for Apache 1.3.9 and Apache 2.0.

Router

  • Vyatta, commercially supported, open-source router, firewall and VPN (based on xorp)
  • XORP is the eXtensible Open Router Platform
  • Scalable SIP server, SIP registrar/proxy/router/application server, TLS secure communication, AAA, ENUM, LCR, load balancing, NAT traversal, OSP, CPL, SNMP, IM&Presence, DNS failover.

Firewall

  • Vyatta, commercially supported, open-source router, firewall and VPN (based on xorp)
  • Endian Firewall, a Linux security distribution, firewall, e-mail virus & spam filter, web filter, VPN
  • Zorp GPL, a transparent proxy firewall with strict protocol-analyzing proxies and a modular architecture
  • yxorp, a reverse proxy and application level firewall for the HTTP protocol
  • fwknop, firewall authorization server passively monitors SPA authorization packets

VPN

The Linux Platform is very well suited for VPN Applications. It has an encryption accelerator and certified cryptographic storage.
  • Vyatta, commercially supported, open-source router, firewall and VPN (based on xorp)
  • OpenVPN is a full-featured SSL VPN solution which can accommodate a wide range of configurations
  • AmritaVPN (amvpn), a virtual private networking tool that allows two private IP networks to be seamlessly connected together through a public network such as the Internet. Uses SSL for strong encryption and authentication.
  • GVPE, a secure VPN network among multiple nodes over an untrusted network.
  • tinc, a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet.

Intrusion Detection Prevention and Assessment

  • TIGER, security auditing and real-time, host-based intrusion detection
  • Snort is a network intrusion detection system that performs real-time traffic analysis and packet logging on IP networks.
  • Nessus, a vulnerability assessment scanner
  • Firestorm, a high performance network intrusion detection system
  • The Virtual eXecuting Environment (VXE) protects a server proactively and lets you prevent intrusions rather than just report them.
  • Netcat, a network debugging and exploration tool
  • OSSEC, a Host-based Intrusion Detection System
  • Nmap, a utility for network exploration or security auditing.
  • sshdfilter, blocks ssh brute force attacks
  • APSR, test firewalls, routing, and security.
  • P0f, passive OS fingerprinting tool profiling information about your users, customers or attackers
  • Pads, used for service anomaly detection.
  • WormScan, reports attempted attacks on your Apache Web server.
  • IP Sentinel, a tool that prevents unauthorized usage of IP addresses within an ethernet broadcast domain.
  • Tcptrack, packet sniffer that passively watches for connections on a specified network interface, tracks their states, and lists them.
  • Spade, the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signature.
  • Ntop, a network traffic probe that shows network usage and builds a network information database for detecting aberrant behavior (anomaly detection).
  • Nagios, a host and service monitor designed to inform you of network problems before your clients, end-users or managers do.
  • Osiris, a Host Integrity Monitoring System.

Filters

  • IPCop, a Linux Firewall Distribution based on netfilter
  • Netfilter, Internet firewall based on stateless and stateful packet filtering, build sophisticated QoS and policy routers, network address and port translation

Encryption

The Linux Platform is very well suited for Encryption Applications with its encryption accelerator.
  • OpenSSL Project, a robust, commercial-grade, fully featured toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1), and a cryptography library.
  • Crypto++, C++ library for cryptography: includes ciphers, message authentication codes, one-way hash functions, public-key cryptosystems, and key agreement schemes
  • BeeCrypt Cryptography Library, cryptography toolkit, Includes entropy sources, random generators, block ciphers, hash functions, message authentication codes, multiprecision integer routines, and public key primitives.
  • Kasai, a Java based authentication and authorization framework
  • curlpp, a C++ wrapper for libcurl, a free and easy-to-use client-side URL transfer library, supporting FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. libcurl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, kerberos, HTTP
  • LibPKI, PKI library for PKI enabled application development, implement complex cryptographic operations with a few simple function calls by implementing a high-level cryptographic API
  • libsrtp, a library implementing Secure RTP, the Secure Real-time Transport Protocol. RTP is used for Voice over IP (VoIP) as well as audio and video streaming; SRTP adds confidentiality and authentication.
  • DTLS Application pack, DTLS client and DTLS server to show how to send UDP data over an encrypted channel using OpenSSL DTLSv1
  • Zebedee, establishes an encrypted, compressed tunnel for TCP/IP or UDP data transfer between two systems.
  • ipsec-tools for various IPsec implementations.
  • SSHD Library (libsshd), enables server programs to easily integrate full SSH1 / SSH2 protocol authentication and support natively, built on top of existing and proven OpenSSH technology.

Misc

  • cvsauth, an authentication daemon for the CVS pserver method.
  • JOSSO Java Open Single Sign-On, a J2EE-based SSO infrastructure aimed to provide a solution for centralized platform neutral user authentication and authorization.
  • FreeNAS, Network Attached Storage server supporting: CIFS (samba), FTP, NFS, RSYNC, SSH, AFP, Unison, UPnP protocols, local and MS Domain authentication, Software RAID (0,1,5)
  • Authoxy, a reverse-proxy allowing authentication to Apache restricted directories via a HTML FORM instead of a pop-up
  • Just For Fun Network Management System, Network Management System Is SNMP-Standard Oriented (tested on Cisco and Linux). It Integrates Syslog, Tacacs, RRDtool (Performance Graphs), Maps, Traps, TFTP, Autodiscovery, Sound Alerts, AAA
  • Arpwatch, used for MAC anomaly detection.
  • Doorman, port knocker, allows a server to run silently, invisibly, with all TCP ports closed. Watches for "knock" as an encrypted UDP packet "key" to open the port.
  • fwknop, Single Packet Authorization (SPA), improved port knocker
  • SILC, provides secure conferencing services. Strong cryptographic methods are used to secure all traffic, and all messages are encrypted and authenticated.
  • gnoMint, a tool for easily creating and managing certification authorities.
  • grsecurity, an innovative approach to security utilizing a multi-layered detection, prevention, and containment model.
  • oftpd, is designed to be as secure as an anonymous FTP server
  • Yafc Yet Another FTP Client, support for Kerberos 4/5 authentication and sftp (ssh2)
  • Trent, a system designed to handle being a modular authentication server system for a wide variety of resource-managers
  • KINEC, a client/server chat program designed to keep you secure. It uses strong algorithms for encryption and authentication and will not compromise security.
  • Muzzle Instant Messenger, XML based instant messaging protocol as well as multi platform clients. The project also emphasises integrating strong cryptography.
  • PSST, a peer to peer voice/text chat program for Windows and Linux that utilises strong encryption to protect the privacy of communication between users.
  • free chat-server, chat server written in Java, authentication over SQL databases
  • FSFS, a secure distributed file system in user space built over FUSE and OpenSSL
  • CrossFTP Server is a professional FTP Server for multiple platforms.
  • Whitebeam, XML/XPath based secure application framework.
  • Passenger, a secure POP/IMAP proxy(gateway) server.
  • PIPE, an encrypted chat client/server pair using 1024 bit RSA encryption to establish 256 bit AES encrypted sessions
  • fwsecvpop3d, a secure, fast pop3 server.
  • RH Email Server, an email server in a box. Using LDAP authentication for IMAP, POP3, SMTP, and SSL/TLS versions of each
  • IKECrack, an IKE/IPSec crack tool designed to perform Pre-Shared-Key [password] analysis of RFC compliant aggressive mode authentication.
  • Scapy, an interactive packet manipulation program.
  • Antinat, a SOCKS server and client library for writing proxy-based applications. It supports SOCKS 4, SOCKS 5, authentication, CHAP, XML firewalling, Win32, server chaining, and UDP