- SUP
- (PD) Ben Laurie (A. L. Digital, Ltd)
- SRC
- General Information, FAQ
- Software (UK)
- CERN httpd
- NCSA httpd
- REM
- Royalty free HTTP daemon based on NCSA httpd. Employs SSLeay and thus provides strong end-to-end encryption worldwide.
- SUP
- (C) Sameer Parekh
- SRC
- Community ConneXion
- REM
- Commercial version of Apache HTTP Server.
- Source code provided to customers on demand.
- US Product.
- SUP
- (PD) Tim Hudson
- SRC
- Software (DE)
- REM
- Patches for some public domain telnet and ftp applications to employ
SSLeay and, thus, to provide strong security
worldwide.
Content
- operating systems,
- middleware architectures,
- security extensions and add-ons to available operating systems.
- SUP
- SUN Microsystems
- REM
- Sun operating system.
- Features:
- Includes Kerberos
- Remote Procedure Call (RPC) RFC-1057 establishes DES session keys by means of Diffie-Hellman key exchange and mutually authenticates client and server similarly to Kerberos Version 5.
- Public base (=3) and modulus (of length 192 bit) are fixed.
- On each call, client and server obtain a secret key of length 192 bit = 24 bytes.
- They extract a 56 bit DES key by extracting bytes 9..16 and adjusting their least significant bits to parity.
- Vulnerable to 'man in the middle' attacks.
- OSF-DCE available as a royalty free add-on
- OMG-CORBA conformant extension available as Joe. Includes IDL compiler, supports network wide callback and firewalls
OSF Distributed Computing Environment (DCE)
- SUP
- (C, PD) Open Software Foundation (OSF) direct@osf.org
- SRC
- Documentation, FAQ, RFCs, Public Domain Source Code
- REM
- Middleware architecture. DCE components (Distributed File System, Time Service, Security Service, etc.) communicate via cross platform RPC. Client-server authentication according to Kerberos (V5).
OSF-DCE V1.2.1 has been released by the Open Group (merger of former OSF and X/Open) and shall be fully conformant with RFC1510. (Optional DES encryption of RPC data).
OMG Common Object Request Broker Architecture (CORBA)
- SUP
- Object Management Group.
- SUP
- Documentation
- REM
- Object oriented middleware architecture. Applies the DCE philosophy to an
object oriented environment.
- SUP
- Digital Equipment Corporation.
- SRC
- [GRL90],
- RFC 1507 DASS - Distributed Authentication Security Service.
- REM
- Inter-platform security architecture. Processes protect their communication
by digital signatures and encryption. Uses the distributed authentication
security service (DASS)[GKL92]
- Key exchange according to X.509.
- Secure bootstrap of client machines.
- SUP
- Bull France, P.V. McMahon
- SRC
- Homepage (BE),
Software, Documentation and more (FR)
- REM
- SESAME offers single sign on to the network for access to remote
applications. It supports a subset of X/Open GSS-API.
- Role based distributed access control using digitally signed Privilege
Attribute Certificates (ECMA-219)
using Kerberos V5 Authentication Service.
- Optional delegation of access rights.
- Scalable to very large networks.
- Full cryptographic protection of exchanges between users and remote
applications.
- Mechanism transparency. NOTE: The public source code uses XOR as dummy
encryption, which has to be replaced by a customized encryption mechanism.
- Multiple domain operation with different security policies.
- SUP
- (F) MIT, OpenVision
- SRC
- [NT94] for a nice overview,
- RFC 1510 for protocol background on version 5, [BM91] for specific limitations,
- FAQ master version
- Technical reference
- Software (US)
- Source code of Bones (= Fake Kerberos) (FI)
- REM
- Network authentication system for use on physically insecure networks based
on the key distribution model presented by Needham and Schroeder
[NS78]. Kerberos is mostly used in
application layer protocols (ISO-OSI layer 7) for user-host authentication but
could also be used at lower layers for host to host security in protocols like
IP (transport layer), UDP, or TCP (session layer).
- Kerberos provides for mutual authentication (NO non-repudiation) and secure
communication between principals on an open network by manufacturing secret keys
for any requestor and providing a mechanism for these secret keys to be safely
propagated through the network. Kerberos does not, per se, provide for
authorization or accounting, although applications that wish to can use their
secret keys to perform those functions securely.
- Versions 4 and 5 are NOT compatible and use completely different protocols
- GSS-API is the API of choice for
Kerberos application development
- Export status unclear. The
'export version' is called Bones, an absolutely insecure fake that has all
cryptography removed.
- SUP
- Tatu Ylönen <www.cs.hut.fi/ssh/>
- SRC
- Software (ANSI C) (FI)
- Software (ANSI C) (FI)
- German mirror
- FAQ
- REM
- Transparent compression+encryption of login and communication data.
- supports all remote services (e.g., X11 associations, post office protocol
(POP)),
- 4 kinds of client authentication provided:
- same as rlogin
- rlogin + RSA based host authentication
- RSA based user authentication
- Unix login procedure (encrypted password),
- look and feel as r-Utilities of Berkeley (rlogin, rsh)
- no root privileges required, administrator independent
- SUP
- Neil Haller nmh@fall.bellcore.com
- SRC
- RFC 1760 The S/KEY One-Time Password System,
- RFC 1938 A One-Time Password System
- REM
- Automatic generation of one-time passwords,
- Features:
- Personal hardware device required for every user,
- No encryption of communication data
- Neither client nor server authentication
- REM
- Generation of session key by Diffie-Hellman key exchange,
- By default, only encryption of user id and password,
- In principle, neither client nor server authentication.
- SUP
- (C) McAfee, München support@mcafee.com;
- OS
- Windows 3.x/95/NT
- SRC
- Software
- REM
- Bundle containing Pegasus+SPRY Mosaic Web Browser+integrated McAfee Virus
Scanner, checks executables, word documents, archives (.zip, .arj, .arc).
- SUP
- (C) Integralis, München info@dbserver.integralis.de;
- OS
- Windows NT,
- SRC
- Homepage
- REM
- E-mail scanner checking MIME attachments.
- Supports mail protocols SMTP, cc:Mail (Lotus), MAPI (MS-mail), MHS
(Novell), Lotus Notes (announced)
- Checks incoming and outgoing mail in uuencode, pkzip and most MIME formats
(BinHex not supported 3/96).
Last modified: June 1, 1996
(Some links adapted: Birgit Pfitzmann, Jan 27, 1997)
Gerrit Bleumer
bleumer@acm.org