Projects
This site is being maintained for archival purposes only.
Another subject that was explored in the SEWP Security Center was Multi Operating System Authentication. A Kerberos authentication server was installed in each of the five testing environments, with five different operating systems authenticating to the server. Kerberos can implement multiple symmetric algorithms with one-way hash functions, so if one symmetric algorithm is compromised, authentication remains valid using the others. Read more about Kerberos Multi Op under Documents.
IPSECPF: IPSEC Packet Filter. MS Windows, versions 2000 and above, includes a strong IPSEC implementation. However, the policy GUI has a number of drawbacks that make packet filter definition and maintenance cumbersome. There is no provision for symbolic definition of services, e.g. SSH for TCP port 22. More importantly, there is no provision for grouping. In other words, from the client's perspective, the definition of required open ports/services must be repeated in its entirety for each and every port on each and every server with which the client may wish to communicate. IPSECPF is a policy definition application that has been developed to provide symbolic service definition and grouping/nested grouping of machines, networks, and services in order to allow for the creation and maintenance of sophisticated IPSEC policies. Target servers can therefore be grouped under one name, e.g. Windows 2000 Domain Controllers. This group can then be an allowed target of communication for a client. If a new domain controller is created, the respective machine can be added to the Windows 2000 Domain Controllers group instead of being exhaustively defined on a port-by-port basis. The GUI provides a standard firewall view of rule definition: source, destination, service, permit/deny. For ease of maintenance, IPSECPF also provides entity and referential integrity for elements and groups. It is hoped that the advent of easily created and more maintainable policies will encourage further deployment of packet filters on both client and server machines. See a more detailed description with views here. IPSECPF is available by request as a zip file. Please send a request here.
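The grouping idea described above can be sketched as follows. This is an added example, not IPSECPF's own code: it expands symbolic services and nested groups into the flat per-port filters that would otherwise be entered by hand, and rejects undefined references and group cycles. All names, addresses and the rule format are constructed for illustration.

```python
from itertools import product

# Constructed sample definitions (hypothetical names; documentation-range addresses).
SERVICES = {"SSH": [("tcp", 22)], "LDAP": [("tcp", 389)],
            "KERBEROS": [("tcp", 88), ("udp", 88)]}
SERVICE_GROUPS = {"DC Services": ["LDAP", "KERBEROS"]}
MACHINES = {"dc1": "192.0.2.10", "dc2": "192.0.2.11", "client1": "198.51.100.5"}
MACHINE_GROUPS = {"Windows 2000 Domain Controllers": ["dc1", "dc2"],
                  "Servers": ["Windows 2000 Domain Controllers"]}  # nested group
# Firewall-style view: source, destination, service, permit/deny.
RULES = [("client1", "Servers", "DC Services", "permit")]


def expand(name, leaves, groups, trail=()):
    """Resolve an element or (nested) group name to a sorted list of leaf values."""
    if name in trail:
        raise ValueError("group cycle: " + " -> ".join(trail + (name,)))
    if name in leaves:
        value = leaves[name]
        return sorted(value) if isinstance(value, list) else [value]
    if name not in groups:
        # Referential integrity: every reference must resolve to a definition.
        raise KeyError(f"undefined reference: {name!r}")
    out = set()
    for member in groups[name]:
        out.update(expand(member, leaves, groups, trail + (name,)))
    return sorted(out)


def compile_rules(rules, machines, machine_groups, services, service_groups):
    """Flatten symbolic rules into filters (src, dst, proto, port, action)."""
    flat = []
    for src, dst, svc, action in rules:
        srcs = expand(src, machines, machine_groups)
        dsts = expand(dst, machines, machine_groups)
        ports = expand(svc, services, service_groups)
        flat += [(s, d, proto, port, action)
                 for s, d, (proto, port) in product(srcs, dsts, ports)]
    return flat


if __name__ == "__main__":
    for flt in compile_rules(RULES, MACHINES, MACHINE_GROUPS, SERVICES, SERVICE_GROUPS):
        print(flt)
```

One symbolic rule here yields six flat filters; adding a third machine to the domain controller group changes one list entry and yields nine.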
SEWPSC, as a participant in The Open Group Secure Messaging Challenge, configured a secure electronic messaging environment that consisted of an iPlanet 5.1 LDAP server, a Test Certificate of Authority (using OpenSSL 0.96e), and a Sendmail 8.11 server. The purpose of the challenge was “To enable organizations to exchange strongly encrypted email using a standards-based, vendor neutral architecture that does not require manual key exchange.” SEWPSC, along with Boeing, Lynx Consulting, and other organizations participating in the Challenge, defined a rigorous testing environment to ensure useful, documented, and defensible test results. The product of the Open Group Secure Messaging Challenge has been a highly practicable way to use encrypted email across disparate organizations. The Secure Messaging Challenge Summary Report and the Secure Messaging Toolkit are available here.
The scanner control project attempts to create wrapper code for Internet Security Systems System Scanner (version 6). The project implements a Windows Script Component (WSC) to allow for scripting, remote control, and live feedback from a scanner. The WSC implements an object that is available by any means specified for Microsoft DCOM objects (e.g. it can be controlled by any language that supports DCOM). More information, including a description of the methods implemented, is available here. The scanner control component, written using Windows Script Host and VBScript, is available here. The code is downloadable as a txt file. The file extension should be renamed to wsc after downloading. The code can be made live by using the regsvr32 command.
Other projects in the planning stage include Secure Wireless Guest Authentication. Read more about this development under Documents.