Infrastructural software

From SME Guide

(Difference between revisions)
Current revision (11:43, 14 October 2008)
(Replacing page with ' Previous Software Index Next')
 
-
'''FederID'''
 
-
'''http://federid.objectweb.org/xwiki/bin/view/Main/'''
 
-
 
-
The FederID project aims to offer a real solution for Identity Management and Identity Federation. It is based on several OSS components:
 
-
 
-
* InterLDAP: Based on J2EE and OpenLDAP, InterLDAP makes it possible to manage the complete cycle of an identity through its attributes, its accesses and its prerogatives. It is the essential tool for providing an advanced interface for consulting and administering an LDAP directory
 
-
* LASSO: Lasso is a free software C library aiming to implement the Liberty Alliance standards; it defines processes for federated identities, single sign-on and related protocols. Lasso is built on top of libxml2, XMLSec and OpenSSL and is licensed under the GNU General Public License (with an OpenSSL exception)
 
-
* Authentic: Authentic is a Liberty Alliance Identity Provider. It provides Single Sign-On (SSO), Single Logout (SLO) and attributes sharing
 
-
* LemonLDAP: The LemonLDAP project is a reverse proxy SSO developed with the French Ministry of Finances under the GNU GPL license. LemonLDAP is a network service which is a single entry point for all HTTP requests aimed at the various protected Web applications. With the help of an LDAP directory, it offers a single mechanism of authentication and access control to these applications
 
-
 
-
 
-
'''HardTokenManagement'''
 
-
 
-
'''http://hardtokenmgmt.org/ '''
 
-
 
-
HardToken is a Hard Token Management Framework in Java used to manage the complete lifecycle of an organization's smartcards and/or USB dongles. It communicates with the tokens through a PKCS11 interface, so it is possible to change hardware as long as the hardware supplies a good implementation of PKCS11. It comes with quite a few ready-made modules that can be composed to fit the needs of the organization. The Hard Token Management Framework is an add-on to the EJBCA Certificate Authority; the current application suite of modules using the hard token management framework, 'ToLiMa', has the following features.
 
-
 
-
* Issue tokens, regular, temporary and project
 
-
* Unlock PIN of a token without exposing the PUK code for the users or administrators
 
-
* Revoke lost cards
 
-
* Renew expiring cards
 
-
* Activate cards in the organization's systems
 
-
* It is also possible to issue and unlock tokens on an approval basis, used in scenarios where no token administrator is available (for instance in 24/7 operational environments). A colleague of the end user can then generate a request for the action, which is sent to a central support unit for review and approval.
 
-
 
-
[[HardTokenManagement|Screenshots]]
 
-
 
-
 
-
'''Mandriva directory server'''
 
-
 
-
'''http://mds.mandriva.org/ '''
 
-
 
-
Mandriva Directory Server is an enterprise directory platform based on LDAP designed to manage identities, access control information, policies, application settings and user profiles. The Mandriva Directory Server (MDS) is a Free Software project that features:
 
-
 
-
* user authentication and management thanks to LDAP and Kerberos
 
-
* an extensible, nice looking and AJAX powered PHP web interface called MMC (Mandriva Management Console), provided with 6 modules:
 
-
** Users and groups management
 
-
** SAMBA accounts and shares management
 
-
** Printing management
 
-
** Email delivery management
 
-
** Web proxy blacklist management
 
-
** Open-Xchange users management
 
-
* a Python dedicated management API for LDAP, SAMBA, Open-Xchange and SQUID (core of the MDS and the MMC)
 
-
* a policy system that will allow defining users' rights on network resources
 
-
 
-
Thanks to the MMC, the MDS can fully replace a Windows NT4 server.
 
-
 
-
[[Mandriva|Screenshots]]
 
-
 
-
 
-
'''OpenPEC2'''
 
-
 
-
'''http://www.openpec.org/ '''
 
-
 
-
An implementation of Italy's Certified Email, a server-based infrastructure that provides encryption, guarantee of reception and non-repudiability of email.
 
-
 
-
 
-
'''OpenTrust-PAM'''
 
-
 
-
'''http://www.opentrust.com/content/view/237/205/lang,en/ '''
 
-
 
-
Web reverse proxy for Single Sign On (SSO). It can apply a security policy (profiles stored in an LDAP directory) to an existing set of applications, consolidate websites, encrypt all communications, and rewrite simple URLs. Among the features:
 
-
 
-
* Business application access management
 
-
* Authentication unity
 
-
* Level 7 application firewall
 
-
* URL dynamic rewrite (HTTPS)
 
-
* Automatic adjustment to strong authentication according to the security policy
 
-
* Integration of the intranet in a customized portal with access rights
 
-
* Multiple websites consolidated in a central URL tree structure and/or using several virtual hosts as proxy front-ends
 
-
* Integrated cache to speed up flows
 
-
* HTTP 1.0 and HTTP 1.1 including fragmented transfer coding
 
-
* SSLv2, SSLv3, TLSv1
 
-
* Support for URL, HTTP header and script dynamic rewrite
 
-
* Security policy linked to LDAP directory
 
-
* Oracle Forms protocol support
 
-
 
-
 
-
'''PacketFence'''
 
-
 
-
'''http://www.packetfence.org/ '''
 
-
 
-
PacketFence is an open-source network access control (NAC) system. Deployed in academic networks around the world, PacketFence is reliable, extremely configurable, and built upon unmodified open-source code (Fedora, LAMP, Perl, and Snort). PacketFence is designed to operate in heterogeneous environments and uses vendor-agnostic isolation techniques including DHCP scope changes and ARP cache manipulation ("passive" mode). Among the features:
 
-
 
-
* Authenticate users using any authentication Apache supports (even more than one!)
 
-
* Registration-based and scheduled vulnerability scans.
 
-
* Captive portal-based user registration and remediation.
 
-
* Passive operating system fingerprinting using DHCP
 
-
* Ban unsupported operating systems (e.g. Windows 95/98/ME) or NAT-based routers.
 
-
* Automatically register game consoles or VoIP phones.
 
-
* Log location-based information using DHCP option-82.
 
-
* Protect multiple networks and 802.1q trunks.
 
-
 
-
 
-
'''SSLExplorer'''
 
-
 
-
'''http://3sp.com/showSslExplorerCommunity.do '''
 
-
 
-
SSL-Explorer is the world's first open-source, browser-based SSL VPN solution. This unique remote access control solution provides you with a means of securely accessing intranet applications and resources using a standard web browser. No client-side software needs to be installed on your users' systems and maintenance is centralised and simple. SSL-Explorer relies on the ubiquitous Java web technology and hence requires just a standard web browser to take advantage of full remote access. Network traffic can be tunnelled through the SSL connection with ease and your email and intranet web/file resources are securely accessible from outside the corporate network with just a single firewall configuration required post-installation. Among the features:
 
-
 
-
* Versions available for Microsoft Windows XP/2000/2003/Vista, Apple Mac OS X Tiger (or later) and Linux operating systems
 
-
* Standards-compliant HTML supported on all modern browsers including Internet Explorer 5, IE6, IE7, Mozilla Firefox, Opera and Safari browsers among many more
 
-
* Granular policy-based rights management
 
-
* Remotely browse Windows filesystems via Windows Explorer
 
-
* Microsoft Outlook Web Access 2003 supported - move vulnerable OWA servers out of the DMZ
 
-
* Reverse proxy web forwarding supported with HTTP rewrite technology
 
-
* Active Directory authentication supported
 
-
* Built-in database authentication supported
 
-
* UNIX authentication supported
 
-
* Configurable authentication schemes
 
-
* Access your desktop remotely
 
-
* Intranet resources may be securely externalized using web forwarding
 
-
* Accessible using zero-footprint VPN client
 
-
* Connect using any modern web browser
 
-
* Supports access through HTTP or SOCKS proxy
 
-
* Local and remote tunneling via SSL
 
-
* Session inactivity timeouts
 
-
* Web application URL masking
 
-
* No dedicated appliance necessary
 
-
 
-
[[SSLExplorer|Screenshots]]
 
-
 
-
 
-
'''Univention Corporate Server'''
 
-
 
-
'''http://www.univention.de'''
 
-
 
-
Univention Corporate Server (UCS) is an easy-to-use Linux distribution based on Debian GNU/Linux and has a central common server/client and site/platform management system. UCS can be used to replace or complement existing server infrastructures, but also to provide a complete Linux desktop that can be managed centrally.
 
-
 
-
* central control and policy-based
 
-
* administration of users and groups in Linux & heterogeneous environments
 
-
* printers, shares, IP management, mail, groupware, fax solutions
 
-
* an LDAP-based software management, a Thin Client Infrastructure
 
-
 
-
[[Univention|Screenshots]]
 
-
 
-
 
-
'''VELO'''
 
-
 
-
'''http://docs.safehaus.org/display/VELO/Home '''
 
-
 
-
VELO is an Open Source Identity and Access Provisioning server. Among the features:
 
-
 
-
* SPML V2 compliance.
 
-
* Role Based Access Control (RBAC)
 
-
* Consolidated Employee Identity Attributes repository
 
-
* Accounts Attribute Synchronization
 
-
* User and Access Reconciliations
 
-
* Integrated work-flow engine for complex business processes
 
-
* Self Service interfaces
 
-
* Support many resources
 
-
* Support Complete Account Operations
 
-
* Specific typed actions can be added easily
 
-
* Centralized Password Policy and Password Synchronization.
 
-
* Auditing & Compliance.
 
-
* Powerful scripting support for complex processes via Scripting expressions
 
-
* Supports more than 20 different scripting languages!
 
-
* Remote services access via Web-Services.
 
-
* Extensible via Events.
 
-
* Advanced Report Designer & Web-based Reporting Manager.
 
-
* Pluggable Authentication Handlers.
 
-
* Jboss and Glassfish Support
 
-
 
-
 
-
'''WIKID'''
 
-
 
-
'''http://www.wikidsystems.net/'''
 
-
 
-
WiKID is a two-factor authentication system. It consists of: a PIN, stored in the user's head; a small, lightweight client that encapsulates the private/public keys; and a server that stores the clients' public keys and the users' PINs. When the user wants to log in to a service, they start the client and enter their PIN, which is encrypted and sent to the server. If the PIN is correct, the account is active and the encryption is valid, the user is sent a one-time passcode to use instead of a static password. You can think of WiKID as 'certificates on steroids'. It is more secure than certificates because the required PIN is only stored on the server, so it is not susceptible to offline passive attacks. It is easier because user enrollment is automated and you don't have to deal with a full certificate infrastructure. You can also compare WiKID to hardware tokens: it is much easier to implement, more extensible, yet just as secure. Stealing either the token or the PIN does you no good. You must steal both, just like a hardware token.
 
[[Software Catalog Introduction|Previous]] [[Software Index|Software Index]] [[ERP/CRM|Next]]