This appendix describes some of the tools and packages available on the Internet that you might find useful in building and maintaining your firewall. Many of these tools are mentioned in this book. Although this software is freely available, some of it is restricted in various ways by the authors (e.g., it may not be permitted to be used for commercial purposes or be included on a CD-ROM , etc.) or by the U.S. government (e.g., if it contains cryptography, it can't ordinarily be exported outside the United States). Carefully read the documentation files that are distributed with the packages.
Although we have used most of the software listed here, we can't take responsibility for ensuring that the copy you get will work properly and won't cause any damage to your system. As with any software, test it before you use it.
As we've mentioned, the Computer Operations, Audit, and Security
) project at Purdue University
provides a valuable service to the Internet community by maintaining a
current and well-organized repository of the most important security
tools and documents on the Internet. The repository is available on host
The tools in this category provide support for various types of authentication. See Chapter 10, Authentication and Inbound Services for information about different authentication approaches.
The TIS Internet Firewall Toolkit ( FWTK ), from Trusted Information Systems, Inc., is a very useful, well-designed, and well-written set of programs you might find useful for authentication and other purposes. It includes:
The toolkit is designed so that you can pick and choose only the pieces you need; you don't have to install the whole thing. The pieces you do install share a common configuration file, however, which makes managing configuration changes somewhat easier.
Some parts of the toolkit (the server for the non-reusable password system, for example) require a Data Encryption Standard ( DES ) library in some configurations. If your system doesn't already have one (look for a file named libdes.a in whatever directories code libraries are kept on your system), you can get one from:
TIS maintains a mailing list for discussions of improvements, bugs, fixes, and so on among people using the toolkit; Send email to firstname.lastname@example.org to subscribe to this list.
Kerberos was developed by Project Athena at the Massachusetts Institute of Technology. From the Kerberos Frequently Asked Questions ( FAQ ) file: