Monday, June 29, 2009
Friday, June 26, 2009
The Stunnel source code is not a complete product: you still need a functioning SSL library such as OpenSSL or SSLeay in order to compile stunnel. This means that stunnel supports whatever your SSL library supports (and only that), without any changes to the Stunnel code.
The Stunnel source code is available under the GNU General Public License, meaning it is free to use in both commercial and non-commercial applications as you see fit, as long as you provide source code (and any modifications) with the software. Your compiled Stunnel binary is 'restricted' by whatever license your chosen SSL library is under; however, both OpenSSL and SSLeay are open source and similarly liberal in their licensing.
Visit: http://www.stunnel.org/
Saturday, June 20, 2009
OpenVPN is a free and open source virtual private network (VPN) program for creating point-to-point or server-to-multiclient encrypted tunnels between host computers. It is capable of establishing direct links between computers across network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL).
OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates, or username/password. When used in a multiclient-server configuration, it allows the server to issue an authentication certificate to every client, using signatures and a certificate authority. It uses the OpenSSL encryption library extensively, as well as the SSLv3/TLSv1 protocol. It is available on Solaris, Linux, OpenBSD, FreeBSD, NetBSD, Mac OS X, and Windows 2000/XP/Vista. It contains many security and control features. It is not a "web-based" VPN, and is not compatible with IPsec or any other VPN package. The entire package consists of one binary for both client and server connections, an optional configuration file, and one or more key files depending on the authentication method used. It is sometimes used by computer gamers as a way of accessing LAN games over the internet.
OpenVPN uses the OpenSSL library to provide encryption of both the data and control channels. It lets OpenSSL do all the encryption and authentication work, allowing OpenVPN to use all the ciphers available in the OpenSSL package. It can also use the HMAC packet authentication feature to add an additional layer of security to the connection (referred to as an "HMAC Firewall" by the creator). It can also use hardware acceleration to get better encryption performance.
OpenVPN has several ways to authenticate peers to one another. OpenVPN offers pre-shared secret key, certificate-based, and username/password-based authentication. Pre-shared secret key is the easiest, with certificate-based being the most robust and feature-rich. The username/password is a new feature (version 2.0) that can be used with or without a client certificate (the server still needs a certificate). The source tarball includes a sample Perl script to verify the username/password with PAM and a C auth-pam plugin.
OpenVPN can run over UDP (preferred, and default) or TCP. It multiplexes all communications over a single TCP/UDP port. It has the ability to work through most proxy servers (including HTTP) and is good at working through NAT and getting out through firewalls. The server configuration has the ability to "push" certain network configuration options to the clients. These include IP addresses, routing commands, and a few connection options. OpenVPN offers two types of interfaces for networking via the Universal TUN/TAP driver. It can create either a layer-3 based IP tunnel (TUN), or a layer-2 based Ethernet TAP that can carry any type of Ethernet traffic. OpenVPN can optionally use the LZO compression library to compress the data stream. Port 1194 is the official IANA assigned port number for OpenVPN. Newer versions of the program now default to that port. A feature in the 2.0 version allows for one process to manage several simultaneous tunnels, as opposed to the original "one tunnel per process" restriction on the 1.x series.
OpenVPN's use of common network protocols (TCP and UDP) makes it a desirable alternative to IPsec in situations where an ISP may block specific VPN protocols in order to force users to subscribe to a higher-priced, "business grade," service tier.
OpenVPN offers several internal security features. It runs in userspace, instead of requiring IP stack (and therefore kernel) operation. OpenVPN has the ability to drop root privileges, use mlockall to prevent swapping sensitive data to disk, and enter a chroot jail after initialization.
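The features described above (privilege drop, chroot, mlockall, HMAC packet authentication) are enabled through configuration directives. The following is an added example, not part of the original post or of the OpenVPN project, that audits a configuration for them; the directive names are OpenVPN 2.x options, while the sample configs, file names and chroot path are constructed.

```python
import shlex

# OpenVPN 2.x directives for the features named above (names are real options).
HARDENING = {
    "user": "drop root privileges (user)",
    "group": "drop root privileges (group)",
    "chroot": "enter a chroot jail after initialization",
    "mlock": "mlockall, keeps key material out of swap",
    "tls-auth": "HMAC packet authentication",
}

def parse_config(text):
    """Return {directive: [args]}, skipping blank lines and #/; comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            cfg[tokens[0]] = tokens[1:]
    return cfg

def audit(text):
    """Return sorted findings for missing or ineffective hardening."""
    cfg = parse_config(text)
    findings = [f"missing '{name}': {why}"
                for name, why in HARDENING.items() if name not in cfg]
    if cfg.get("user") == ["root"]:
        findings.append("'user root' does not drop privileges")
    if "chroot" in cfg and not cfg["chroot"]:
        findings.append("'chroot' has no directory argument")
    # After dropping root the daemon cannot re-read protected key files on
    # a SIGUSR1 restart unless persist-key is set.
    if "user" in cfg and "persist-key" not in cfg:
        findings.append("'user' set without 'persist-key'")
    return sorted(findings)

# Constructed sample configs (file names and chroot path are placeholders).
WEAK = "port 1194\nproto udp\ndev tun\nca ca.crt\ncert server.crt\nkey server.key\n"
HARDENED = WEAK + (
    "user nobody\ngroup nobody\n"
    "chroot /var/empty/openvpn  # placeholder path\n"
    "mlock\ntls-auth ta.key 0\npersist-key\npersist-tun\n"
)

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```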
OpenVPN offers support of smart cards via PKCS#11 based cryptographic tokens.
Proxifier is a program that allows network applications that do not support working through proxy servers to operate through an HTTPS or SOCKS proxy or a chain of proxy servers.
There are many network applications that do not support working through proxy servers and thus cannot be used from behind a LAN or firewall. This can compromise corporate privacy and lead to many other restrictions. Proxifier solves all of these problems and gives you the opportunity to work with your favorite software without any restrictions. Additionally, it lets you gain extra control over network security, create a proxy tunnel and add more power to network functionality.
Proxifier is a program that allows network applications that do not support working through proxy servers to operate through an HTTP or SOCKS proxy server or a chain of proxy servers.
With Proxifier you can easily tunnel all connections on the system or separate applications.
Proxifier allows you to:
- Run any network application through a proxy server; no special configuration is required for the software.
- Access the Internet from a restricted local area network through a proxy server gateway.
- Bypass firewall restrictions (connect to restricted ports).
- Use three types of proxy servers: SOCKS v4, SOCKS v5, and HTTP.
- "Tunnel" the entire system (force all network connections in the system to work through a proxy server).
- Resolve DNS names through a proxy server.
- Use flexible Proxification Rules.
- Secure privacy by hiding your IP address.
- Work through a chain of proxy servers using different protocols.
- Use NTLM authentication on an HTTP proxy.
- View information on current connections (addresses, rate, data transfer, connection time, etc.) in real-time.
- View information on bandwidth usage as a colored diagram in real-time.
- Maintain log files.
- Log incoming and outgoing traffic.
- Get detailed reports on network errors.
- … and much more.
Proxifier Portable Edition:
- Has most of the Proxifier Standard Edition features.
- Doesn't require installation on a local machine.
- Can be run from removable media such as a USB stick, floppy disk, etc.
- Can be run from Guest and Restricted user accounts.
- Keeps all settings in a file and doesn't use the system registry.
Friday, June 19, 2009