FreeRADIUS : A high-performance, highly configurable, and feature-rich RADIUS server

FreeRADIUS is a high-performance, highly configurable, and feature-rich RADIUS server. Supported features include EAP (wireless authentication, PEAP, TTLS), MySQL, PostgreSQL, Oracle, LDAP, X9.9 token cards, VMPS, and many more. It comes with more than 50 vendor dictionaries, and interoperates with many others. It is the only open source RADIUS server that has implemented EAP, and it is currently deployed in multiple million-user systems.

• Licenses : GPL
• Operating Systems : POSIX, Windows, Cygwin, Unix
• Implementation : C

Likewise Open : joins Linux, Unix, & Mac OS machines to Microsoft Active Directory and securely authenticates users with their domain credentiials

Likewise Open is an application that joins Linux, Unix, and Mac OS machines to Microsoft Active Directory and securely authenticates users with their domain credentials. Features include: joining non-Windows systems to Active Directory domains in a single step from the command line or from a GUI; authenticating users with a single user name and password; enforcing the same password policies for all platforms; supporting multiple forests with one-way and two-way cross forest trusts; caching credentials in case your domain controller goes down; and providing single sign-on for SSH and Putty. It does not require Active Directory schema changes for installation.

• Licenses : GPL, GPLv2
• Operating Systems : Mac OS X, Windows, Unix

GNU SIP Witch : A secure peer-to-peer VoIP server

GNU SIP Witch is a secure peer-to-peer VoIP server. Calls can be made even behind NAT firewalls, and without requiring service providers. SIP Witch can be used on the desktop to create bottom-up secure calling networks and as a free software alternative to Skype. It can also be used as a stand-alone SIP-based office telephone server, or to create secure VoIP networks for an existing IP-PBX such as Asterisk, FreeSWITCH, or Yate.

• Licenses : GPLv3
• Operating Systems : OS Independent
• Implementation : C++

WhatWeb fingerprints Web servers and Web applications

WhatWeb fingerprints Web servers and Web applications. It can identify content management systems (CMS), Web application frameworks, default pages for Web servers, blogs, JavaScript libraries, and more. Each time you visit a Web site in your browser, the Web server leaks many hints about the software delivering the Web page. WhatWeb recognizes these hints and reports what it finds. WhatWeb has over 70 plugins. Plugins can identify systems with obvious signs removed by looking for subtle clues. Plugins are flexible and can return any datatype. For example, plugins can return version numbers, email addresses, account IDs, and more.

• Licenses : GPLv2
• Operating Systems : Linux
• Implementation : Ruby

Botan : A C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports SSL/TLS, X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.

• Licenses : BSD Revised
• Operating Systems : Linux, Mac OS, X Windows, Windows, FreeBSD, NetBSD, Solaris
• Implementation : C++, Assembly

RCDevs OpenOTP provides strong two-factor authentication with one time passwords (OTP)

RCDevs OpenOTP provides strong two-factor authentication with one time passwords (OTP). It supports OATH RFC-4226 HOTP (counter-based) and TOTP (Time-based), Mobile-OTP, YubiKey Software/Hardware Tokens, SMSOTP, and MAILOTP. It provides a SOAP/XML and RADIUS API and integrates into your LDAP (OpenLDAP, Novell, ActiveDirectory). It works with Web applications, VPNs, Unix, Microsoft, and more. It is composed of the RCDevs WebADM server application, the OpenOTP SOAP service, the optional Radius Bridge, and the User Self-service Desk end-user Web application. VMWare appliances and Web demos are available.

• Licenses : Freeware
• Operating Systems : Unix, Linux
• Implementation : C, PHP

UsbCryptFormat : A graphical user interface (GUI) for the encryption of USB flash drives or external hard drives

UsbCryptFormat is a graphical user interface (GUI) for the encryption of USB flash drives or external hard drives. It allows the user to reformat a USB flash drive, an SD card, or an external hard drive with an encrypted filesystem very easily and without the danger of destroying data on an internal hard drive because of incautious handling of device names. So it is usable even for a layperson.

• Licenses : GPL
• Operating Systems : Debian GNU/Linux Ubuntu
• Implementation : bash

RetroShare : A cross-platform private P2P sharing program

RetroShare is a cross-platform private P2P sharing program. It lets you share securely with your friends, using a web-of-trust to authenticate peers and OpenSSL to encrypt all communication. RetroShare provides file sharing, chat, messages, and channels.

• Licenses : LGPL GPL
• Operating Systems : POSIX, Linux, Windows, mac
• Implementation : C++, Qt

NuFW is an authenticating firewal

NuFW is an authenticating firewall. It adds strict and secure identity-based filtering capabilities to enterprise-grade firewalls. It can also set quality of service on a per-user basis and log user activities into an SQL database. Furthermore, it can use multiple external authentication sources via PAM and be the key of a Single Sign On solution.

• Licenses : GPLv3
• Operating Systems : POSIX, Linux
• Implementation : C

Suricata : A network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

• Licenses : GPLv2
• Operating Systems : Linux, FreeBSD, Mac OS X, Windows
• Implementation : C

OpenDNSSEC : Software that manages the security of domain names on the Internet

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

• Licenses : BSD Revised
• Operating Systems : Unix, RHEL, Linux, OpenBSD, FreeBSD, NetBSD, Fedora, Debian, Ubuntu, Mac OS X
• Implementation : C, C++, Python, Ruby, ldns

XML Security Library : A C library based on LibXML2

XML Security Library is a C library based on LibXML2. It provides an implementation for major XML security standards: XML Digital Signature and XML Encryption.

• Licenses : MIT/X
• Implementation : C

SQLCipher provides fully transparent encryption of SQLite databases

SQLCipher provides fully transparent encryption of SQLite databases. SQLCipher is a specialized build of the SQLite database that performs transparent and on-the-fly encryption. Using SQLCipher, an application uses the standard SQLite API to manipulate tables using SQL. Behind the scenes, the library silently manages security, making sure that data pages are encrypted and decrypted as they are written to and read from storage. SQLCipher relies on the peer-reviewed OpenSSL library for several encryption requirements, including the AES-256 algorithm, pseudo random number generation, and PBKDF2 key derivation.

• Licenses : BSD Style
• Operating Systems : Linux, Mac OS X, Windows, iPhone, iPod
• Implementation : C

RetroShare : A cross-platform private P2P sharing program

RetroShare is a cross-platform private P2P sharing program. It lets you share securely with your friends, using a web-of-trust to authenticate peers and OpenSSL to encrypt all communication. RetroShare provides file sharing, chat, messages, and channels.

• Licenses : LGPL, GPL
• Operating Systems : POSIX, Linux, Windows, mac
• Implementation : C++, Qt

CloudUSB : An OS package that is intended to boot from a USB stick or other mutable removable media

CloudUSB is an OS package that is intended to boot from a USB stick or other mutable removable media. Its purpose is to let you carry your whole computing environment in your pocket and let you use any computer available as if it were your own. It stores your personal data in encrypted form on the same medium as the OS and in an online storage space, thus granting you security and privacy. Local and remote data are synchronized, allowing work to continue even offline. CloudUSB currently uses Ubuntu as the OS and Dropbox as the online storage service.

• Licenses : GPL
• Operating Systems : Linux
• Implementation : Bash shell scripting

Suricata : A network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

• Licenses : GPLv2
• Operating Systems : Linux, FreeBSD, Mac OS X, Windows
• Implementation : C

Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms

Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.

• Licenses : GPL
• Operating Systems : POSIX Linux BSD FreeBSD
• Implementation : C, C++

TrouSerS : An open-source TCG Software Stack implementation

TrouSerS - An open-source TCG Software Stack implementation, created and released by IBM.

• Operating System : Linux
• License : Common Public License 1.0
• Programming Language : C

TPM/J is an object-oriented API using Java for low-level access to the TPM. It was developed as part of the research project on Trusted Computing at MIT.

• Operating System : OS X, Linux, WinXP
• License : BSD License
• Programming Language : Java
  

RCDevs OpenOTP Radius Bridge provides a RADIUS RFC-2865 (Remote Authentication Dial-in User Service) API for the OpenOTP Authentication Server

RCDevs OpenOTP Radius Bridge provides a RADIUS RFC-2865 (Remote Authentication Dial-in User Service) API for the OpenOTP Authentication Server. It is an optional server component to be deployed on top of your OpenOTP infrastructure. Radius Bridge is implemented over the powerful FreeRADIUS software. The RADIUS API interfaces with VPN servers and many other software applications requiring end-user authentication. The supported authentication schemes are based on One-Time Passwords technologies (OATH HOTP/TOTP or mOTP Software Tokens, SMS One-Time Passwords, and Mail / Secure Mail One-Time Passwords).

• Licenses : GPLv2
• Operating Systems : Linux
• Implementation : C

Service Guardian aims to protect servers against various things such as resource exhaustion and connection floods

Service Guardian aims to protect servers against various things such as resource exhaustion and connection floods. It can measure the number of connections to servers' ports and, after a grace time period, compares and sees if the host is still in violation of the specified settings. If a host is in violation of the settings, it will be filtered out and dropped via netfilter/iptables.

• Licenses : GPLv3
• Operating Systems : POSIX, Linux
• Implementation : C