Automated Password Generator is a set of tools for random password generation including a standalone password generator, an RFC972 password generation server, and a Perl client for the password generation server. These feature a built-in X9.17 random number generator, and 35 modes of password generation, including pronounceable password generation.
Big Brother is a combination of monitoring methods. Unlike SNMP where information is just collected and devices polled, Big Brother is designed in such a way that each local system broadcasts its own information to a central location. Simultaneously, Big Brother also polls all networked systems from a central location. This creates a highly efficient and redundant method for proactive network monitoring.
C-Kermit is a combined serial and network communication software package offering a consistent, medium-independent, cross-platform approach to connection establishment, terminal sessions, file transfer, character-set translation, numeric and alphanumeric paging, and automation of communication tasks. Recent versions include FTP and HTTP clients as well as an SSH interface, all of which can be scripted and aware of character-sets. It supports built-in security methods, including Kerberos IV, Kerberos V, SSL/TLS, and SRP, FTP protocol features such as MLSD, and source-code parity with Kermit 95 2.1 for Windows and OS/2.
Email Security through Procmail (the Procmail Sanitizer) provides methods to sanitize email, removing obvious exploit attempts and disabling the channels through which exploits are delivered. Facilities for detecting and blocking Trojan Horse exploits and worms are also provided.
Hogwash is a layer 2 packet scrubber based on the snort signature engine. Hogwash sits in line, and drops packets based on signature matches. The rule set will be familiar to anyone that has used snort before. Hogwash supports passive host identification and adaptive rule sets for added accuracy.
Logcheck parses system logs and generates email reports based on anomalies. Anomolies can be defined by users with 'violations' files. It differentiates between 'Active System Attacks', 'Security Violations', and 'Unusual Activity', and is smart enough to remember where in the log it stopped processing to improve efficiency. It can also warn when log files shrink, and does not report errors when they are rotated.
The modular syslog allows for an easy implementation of input and output modules. The modules that mantain compatibility with its precursor are included in the standard distribution along with four modules: om_peo (an implementation of PEO-1 and L-PEO, two algorithmic protocols for integrity checking), om_mysql and om_pgsql (modules that sends output to a mysql and postgresql database, respectively) and om_regex (a module that allows output redirection using regular expressions).
This patch integrates SecurID authentication services directly into the OpenSSH daemon, allowing users to use SecurID tokens directly as their passwords instead of relying on the clunky sdshell. It rides on the plain password auth architecture in OpenSSH to avoid requiring ChallengeResponse or firstname.lastname@example.org style auth. It supports full privilege separation.
P-Synch is a commercial password management toolkit which provides automated password synchronization, password strength enforcement, password self-reset by authenticated users, and streamlined password reset by helpdesk. P-Synch is available for both internal use as well as for Internet-based deployments in B2B and B2C applications.