MQ Standard Security Exit is a solution that allows a company to control and restrict who is accessing a WebSphere MQ resource. The security exit will operate with WebSphere MQ v6.0, v7.0, v7.1, or v7.5 in Windows, IBM i (OS/400), Unix, and Linux environments. It works with Server Connection, Receiver, Requestor, and Cluster-Receiver channels of WebSphere MQ queue manager. The MQ Standard Security Exit solution is comprised of a server-side security exit.
MQ Message Encryption (MQME) is a solution that provides encryption for WebSphere MQ message data while it resides in a queue and in the MQ logs. It uses AES and offers the ability to control who accesses protected queues. This control is obtained through UserID grouping, using group files similar to the Unix /etc/group file. It also has the ability to generate and validate messages using a SHA-2 digital signature.
MQ Channel Encryption (MQCE) is a solution that provides AES encryption for message data flowing between WebSphere MQ (WMQ) resources. It operates with Sender, Receiver, Server, Requestor, Cluster-Sender, Cluster-Receiver, Server Connection, and Client Connection channels of the WMQ queue managers. It is a simple drop-in solution and can be configured as a queue manager channel message exit or as a channel send/receive exit pair.
MQ Authenticate User Security Exit (MQAUSX) is a solution that allows a company to fully authenticate a user who is accessing a WebSphere MQ resource. It verifies the user's user ID and password (and possibly domain name) against the server's native OS (or domain controller) or a remote LDAP server. The security exit will operate with WebSphere MQ v6.0, v7.0, v7.1, or v7.5 in Windows, iSeries (OS/400), Unix, and Linux environments. It works with Server Connection, Client Connection, Sender, Receiver, Server, Requestor, Cluster-Sender, and Cluster-Receiver channels of WebSphere MQ queue manager. The MQ Authenticate User Security Exit solution consists of 2 components: a client-side security exit and a server-side security exit.
ipt_pkd is an iptables extension implementing port knock detection with SPA (single packet authorization). This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. The knock packet is a UDP packet, sent to a random port, that contains a SHA-256 hash of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and computes the SHA-256 hash to verify the packet. The shared key is never sent.
Tenable Nessus is a world leader among active vulnerability scanners. It features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis of your security posture. Nessus scanners may be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks. It is free of charge for personal use in a non-enterprise environment.
The OATH Toolkit makes it easy to build one-time password authentication systems. It contains shared libraries, command-line tools, and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC 4226) and the time-based TOTP algorithm (RFC 6238). OATH stands for Open AuTHentication, the organization that specifies the algorithms. For managing secret key files, the Portable Symmetric Key Container (PSKC) format described in RFC 6030 is supported.
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The implementation attempts to be self-tuning on a wide variety of hardware and includes runtime validation testing. The tarball uses the GNU build mechanism and includes a devel sub-package, self test targets, init system options, and spec file samples for building an RPM. haveged may be used independently of the /dev/random interface through the filesystem at the command line. haveged functionality may be incorporated directly into other components through the devel sub-package.