FOCUS on Linux: Security Tools
by Jonathan Day
Cyrus SASL is a library for providing an authentication mechanism for packages. It is used by IMAP, LDAP, ACAP and other standard protocols.
Cryptix SASL is a SASL package for Java. It is very much alpha quality at present, but it does provide some basic authentication mechanisms.
Libpcap is a fairly basic library for dumping all TCP packets on the network. It allows the application developer to write a simplistic TCP packet sniffer, to monitor for suspicious packets. Libpcap is not actively maintained, but is sufficiently well written that it is still widely used.
Tcpdump is a simplistic TCP packet sniffer, based on Pcap, which dumps the headers of TCP packets that pass through a named interface.
Libnids emulates a Linux 2.0.x IP stack and includes support for IP packet defragmentation, TCP stream reassembly, and TCP portscan detection. It can be used as a building block for constructing advanced TCP intruder detection systems.
The Shadow Password Suite is described in the section on user authentication.
Crypt offers basic one-way encryption, primarily for use in passwords. The encryption can't be readily broken, but it's only of very limited interest outside of the traditional Unix password environment.
Mcrypt is a drop-in replacement for Crypt, except that it also supports many modern encryption systems, including "secret key" algorithms which can be decrypted later. This library is actively maintained.
Mhash is a library that nicely complements Mcrypt, in that it provides many modern hashing functions, useful in verification and digital signatures, as well as in other circumstances in which one-way encryption functions are useful.
Libdes is a library based on the "classic" DES algorithm. It's pretty useless, now that DES can be readily broken, but there are still plenty of situations in which DES is mandatory.
Libresrsa is the reference library that uses the public-key algorithm developed by RSA. The patent covering this algorithm has now expired, allowing this algorithm to be widely used. It is already used in a great many products, such as PGP, and is widely regarded as one of the most secure public key algorithms in general use.
Kerberos, SSH and OpenSSH are described in the section on user authentication.
Crack is a library used to develop Unix password crackers. It's a simple library, providing the tools needed to crack passwords. It is used for various nefarious purposes, as well as for legitimate evaluation of users' passwords.
This covers some of the better-known security packages for Linux, and how they fit in the jigsaw that is called computer security for Linux.
This article originally appeared on SecurityFocus.com -- reproduction in whole or in part is not allowed without expressed written consent.