Astaro Security Gateway (formerly Astaro Security Linux) is an all-in-one network security gateway that includes a firewall, intrusion protection, antivirus, spam protection, URL filtering, and a VPN gateway. Features include a modern packet filter, intrusion detection and prevention, portscan detection, application control, content filtering, virus detection for email and Web traffic, profile handling, L2TP, IPSec, SSL, and PPTP VPN tunneling, spam blocking, proxies for HTTPS, HTTP, FTP, POP3, SMTP, DNS, VoIP, SOCKS, and Ident, logging, and reporting. It supports Ethernet, VLAN, PPP, PPPoE, PPPoA, Cable Modem, IPv6, QoS, Link Aggregation, and WAN-Uplink-Load balancing in routing, and bridge mode. The WebAdmin GUI, Install Wizard, Change Tracking, Printable Configuration, and Up2Date service make it easy to install, manage, and maintain.
iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.
The Linux Intrusion Detection System (LIDS) is a patch which enhances the kernel's security by implementing a reference monitor and Mandatory Access Control (MAC). When it is in effect, chosen file access, all system/network administration operations, any capability use, raw device, memory, and I/O access can be made impossible even for root. You can define which programs can access specific files. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.
The OpenCA Project is a collaborative effort to develop a robust, full-featured and Open Source out-of-the-box Certification Authority implementing the most used protocols with full-strength cryptography world-wide. OpenCA is based on many Open-Source Projects. Among the supported software is OpenLDAP, OpenSSL, Apache Project, Apache mod_ssl.
MCS MyRoute helps diagnose connectivity problems with detailed network routing discovery and analysis, providing visibility to poor-performing networks and devices. It includes a Java applet that enables remote users to easily test connections from the MyRoute server. Essential diagnostic tools including traceroute, ping, reverse DNS, and whois are combined into a single graphical interface that analyzes Internet connections, reporting quick and essential data points for finding connectivity problems. An IP location database identifies the geographical location of IP addresses and Web servers, showing the path of an Internet connection on a global map.
Botan is a crypto library written in C++. It provides a variety of cryptographic algorithms, including common ones such as AES, MD5, SHA, HMAC, RSA, Diffie-Hellman, DSA, and ECDSA, as well as many others that are more obscure or specialized. It also offers SSL/TLS (client and server), X.509v3 certificates and CRLs, and PKCS #10 certificate requests. A message processing system that uses a filter/pipeline metaphor allows for many common cryptographic tasks to be completed with just a few lines of code. Assembly and SIMD optimizations for common CPUs offers speedups for critical algorithms like AES and SHA-1.
SOFFIC is a Linux kernel patch that provides file integrity control integrated into the normal system operation (on-the-fly). It checks a file's integrity each time a monitored file is opened for reading or execution, and issues a warning if it is found to be invalid. It protects against rootkits, backdoors, worms, viruses, Web defacement, unauthorized installation and use of new software (e.g. malicious tools), etc.
fscaps implements filesystem capabilities for the Linux operating system (2.5 and up). With filesystem capabilities, you will be able to grant selective privileges to executables on a needed basis. This means there is no need anymore to run executables as root or as a suid root binary.
EncFS is an encrypted pass-through filesystem which runs in userspace on Linux (using the FUSE kernel module). Similar in design to CFS and other pass-through filesystems, all data is encrypted and stored in the underlying filesystem. Unlike loopback filesystems, there is no predetermined or pre-allocated filesystem size.