When you are building your firewall, you may wish to replace your standard daemons with the daemons described in the following sections.
| ftp://ftp.wustl.edu/packages/wuarchive-ftpd/ |
| ftp://ftp.uu.net/networking/archival/ftp/wuarchive-ftpd/ |
The wuarchive FTP daemon offers many features and security enhancements, such as per-directory message files shown to any user who enters the directory, limits on number of simultaneous users, and improved logging and access control. These enhancements are specifically designed to support anonymous FTP.
| http://www.gated.merit.edu |
GateD is a routing daemon that provides multi-protocol support and filters routes based on their source. GateD used to be freely available but is now a commercial product.
| http://www.zebra.org |
Zebra is an open source routing daemon that provides multi-protocol support and filters routes based on their source.
| http://www.postfix.org |
Postfix, by Wietse Venema, is a security-oriented Unix mailer daemon; it is discussed in Chapter 16.
| http://www.qmail.org |
qmail, by Dan Bernstein, is a security-oriented Unix mailer daemon; it is discussed in Chapter 16.
| ftp://ftp.planix.com/pub/Smail/ |
smail is also a replacement Unix mailer daemon, discussed in Chapter 16.
| ftp://coast.cs.purdue.edu/pub/tools/unix/portmap.shar |
portmap, from Wietse Venema, is a portmapper replacement that offers access control in the style of the TCP Wrapper program, described in Section 2.6, later in this appendix.
| http://www.transarc.com |
AFS is a network filesystem that is more suitable for use across wide area networks such as the Internet than traditional LAN-oriented network filesystem protocols such as NFS. From the AFS document:
AFS is a distributed filesystem that enables cooperating hosts (clients and servers) to efficiently share filesystem resources across both local area and wide area networks.
AFS is marketed, maintained, and extended by Transarc Corporation.
AFS is based on a distributed file system originally developed at the Information Technology Center at Carnegie-Mellon University.
| http://rsync.samba.org/rsync |
rsync is a synchronization protocol that uses checksums to determine differences (instead of relying on modification dates) and does partial file transfers (transferring only the differences instead of the entire files). rsync was developed by Andrew Tridgell and Paul Mackerras. The rsync daemon, rsyncd, provides an efficient and secure way to make files available to remote sites.
| http://www.samba.org |
Samba is an open source package for Unix and related systems that provides SMB/CIFS service, including file and printer sharing. It allows a Unix system to act as a server for PCs. In addition, the Samba source is an effective form of documentation of how SMB/CIFS works and provides a number of tools that may help you in debugging Microsoft networks.
| http://www.ssh.org |
ssh is a secure remote login program, available for both Unix and Windows NT. It is discussed in Chapter 18.
| http://www.microsoft.com/backofficeserver |
BO2K is a remote control program for Microsoft Windows systems. It is discussed in Chapter 18.