Appendix B. ToolsContents:Authentication ToolsAnalysis Tools Packet Filtering Tools Proxy Systems Tools Daemons Utilities Although we have used most of the software listed here, we can't take responsibility for ensuring that the copy you get will work properly and won't cause any damage to your system. As with any software, test it before you use it. any packages have verifiable digital signatures; the software supplier provides a cryptographic checksum for the package that has been encrypted with the supplier's private key. You can verify that you have the correct package by decrypting the checksum with the supplier's public key and calculating the checksum on the package yourself, and making sure that they match. We encourage you to take the trouble to use these signatures when you are dealing with security-sensitive software. Many people have distributed booby-trapped versions of popular software packages.
B.1. Authentication ToolsThe tools in this category provide support for various types of authentication. See Chapter 21, "Authentication and Auditing Services", for information about different authentication approaches.B.1.1. TIS Internet Firewall Toolkit (FWTK)ftp://ftp.tis.com/pub/firewalls/toolkit/The TIS Internet Firewall Toolkit (TIS FWTK), from Trusted Information Systems, is a very useful, well-designed, and well-written set of programs you might find useful for authentication and other purposes. It includes:
Some parts of the toolkit (the server for the nonreusable password system, for example) require a Data Encryption Standard (DES) library in some configurations. If your system doesn't already have one (look for a file named libdes.a in whatever directories code libraries are kept on your system), you can get one from:
ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/TIS FWTK maintains a mailing list for discussions of improvements, bugs, fixes, and other issues among people using the toolkit; Send email to fwall-users-request@tis.com to subscribe to this list.
B.1.2. Kerberosftp://athena-dist.mit.edu/pub/kerberos/ftp://coast.cs.purdue.edu/pub/tools/unix/kerberos/Kerberos was developed by Project Athena at the Massachusetts Institute of Technology. From the Kerberos Frequently Asked Questions (FAQ) file: Kerberos is a network authentication system for use on physically insecure networks, based on the key distribution model presented by Needham and Schroeder. It allows entities communicating over networks to prove their identity to each other while preventing eavesdropping or replay attacks. It also provides for data-stream integrity (detection of modification) and secrecy (preventing unauthorized reading) using cryptography systems such as DES.
|
|