The WiKID Strong Authentication System is a highly scalable, secure two-factor authentication system. It is simple to implement and maintain, allows users to be validated automatically, requires no hardware tokens, has a simple API for application support (via Ruby, PHP, Java, COM, Python, etc.), supports multiple domains, and supports replication for fault tolerance and scalability. It also supports mutual /host and transaction authentication, wireless tokens only domains, locked tokens (to your PC), anti-keystroke logger keypad PIN entry, etc.
PacketFence Zero Effort NAC (ZEN) is a network access control (NAC) system. It supports registration of new network devices, detection of abnormal network activities, isolation of problematic devices, remediation through a captive portal, registration-based and scheduled vulnerability scans, VLAN isolation with VoIP support (even in heterogeneous environments) for multiple switch vendors, support for 802.1X through a FreeRADIUS module, wireless integration with FreeRADIUS, DHCP fingerprinting, and more. It consists of a fully installed and preconfigured version of PacketFence inside a VMWare image.
PacketFence is a fully supported, trusted network access control (NAC) system. It includes a captive portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, and integration with the Snort IDS and the Nessus vulnerability scanner. It can be used to effectively secure networks, from small to very large heterogeneous networks.
360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate, and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA, or ScreenOS commands. It is all contained in one file. It can read policy and logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), and Cisco ASA (show run / syslog format). It uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virutalization at the same time as removing unused connectivity. It supports policy to log association, object translation, rulebase reordering and simplification, rule moves, and duplicate matching automatically. It allows you to seamlessly move rules to where you need them. 'print' mode creates a spreadsheet for your audit needs with one command.
BalanceNG is a modern, IPv6 capable software IP load balancing solution. It is small, fast, and easy to use and set up. It offers session persistence, different distribution methods (Round Robin, Random, Weighted Random, Least Session, Least Bandwidth, Hash, Agent, and Randomized Agent) and a customizable UDP health check agent in source code. It supports VRRP to set up high availability configurations on multiple nodes. It supports SNMP, integrating the BALANCENG-MIB with Net-SNMPD. It implements a very fast in-memory IP-to-location database, allowing powerful location-based server load-balancing.
The GNU Gatekeeper is a free H.323 gatekeeper based on the OpenH323 project. You can use it to manage a Voice-over-IP network and let endpoints (e.g., Netmeeting) communicate through symbolic names. It also has an external interface for billing and other applications. It runs on a number of Unix versions (including Linux and Solaris) and Windows.
Open DHCP Server is full fledged, all purpose DHCP server. It supports nearly all industry standard functionality. It supports both dynamic and static leases, multiple domains, multiple subnets, and relay agents. It also supports BOOTP and PXEBOOT. It allows user-defined options, which can be global, range-specific, or client-specific. DHCP ranges can be further filtered by MAC address ranges, Vendor Class, or User Class.
Dual DHCP DNS Server is a DHCP server combined with a caching DNS server that is sensitive to the names that were allocated by the DHCP server. It has built in dynamic updates, and also supports BOOTP PXE network booting and client specific options. It is self-configuring, doesn't require the creation of zone files, and uses little memory and CPU time. Either one of the two services can be turned off.
Sanewall is a firewall builder for Linux that uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need. Sanewall is a fork of FireHOL and can make use of existing FireHOL configurations.