AppGate Security Server is an access control gateway for secure access to resources such as TCP ports, network ranges, Web pages, file shares, and remote desktops. Users connect with the cross-platform AppGate client (or any standard SSH client), and the server has a detailed configuration that says which users gain access to what under which circumstances. AppGate Free Edition is a virtual appliance running in a VMware image and is limited to a maximum of 10 concurrent users.
BlockIt monitors the Snort alert file and creates either IPTables, IPChains, IPFWADM, IPFilter, PF, or Checkpoint Firewall rules. This version runs on Linux, FreeBSD, and OpenBSD. BlockIt has built-in CIDR support for multiple target IPs and whitelist support. Additional features include MySQL logging and email logging.
chownat allows two peers behind two separate NATs and firewalls to establish a direct connection with each other. No port forwarding, DMZ, third party, proxy, spoofing, elevated user privileges, or DNS tricks are required. More importantly, it opens up a tunnel between the two machines so one peer can access a service, such as SSH or a Web server, on the other machine which is also behind a NAT.
Firewall Builder consists of a GUI and a set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco router access lists.
HTTPTunnel is a simple client/server application for creating an HTTP tunnel between two machines, optionally via a Web proxy. This tunnel can then be used to wrap arbitrary TCP socket traffic in HTTP, thus allowing communications even through a restrictive firewall that only allows outgoing HTTP connections.
Harm acts as a four-way socket redirector that allows you to effectively make a TCP connection from the Internet to a host behind a Linux masquerade-style firewall. The server (behind the firewall) makes connections to the client (on the Internet). After a successful connection, it will bounce packets from a telnet client (Windows and Linux) to the Harm client, to the Harm server (Linux only), or to the telnet daemon behind the firewall.
LAN Management System (LMS) is a set of database-driven applications capable of managing multiple networks of computers and customers. It uses a Web UI and either a multipurpose daemon written in C or a set of Perl scripts that perform scheduled tasks and configure your system services. It was designed to organize small self-financed networks, but is mature enough to suit the needs of medium-sized ISPs. Support for multiple databases and languages is included, and a template system allows it to blend in with your existing infrastructure.
Local Area Security Knoppix is a 'Live CD' distribution based on Knoppix but with a strong emphasis on security tools and a small footprint. There are two different versions of L.A.S. Linux to fit two specific size requirements. There is a 185 MB version and a 210 MB version to fit on MiniCDs of the same size.