When IT security consultants attend hacker conferences, they have high expectations for finding open-source security tools that have been tested in hostile environments.
One tool that met that standard is the Linux FreeS/WAN project: free, open-source, Linux-based server software that uses strong encryption to create secure data tunnels between any two points on the Internet — a badly needed alternative to expensive, proprietary virtual private networks (VPNs).
FreeS/WAN uses the proposed IPsec protocol, an interoperable global standard for securing IP connections. It automatically encrypts data packets at 6Mbps and creates secure gateways in a VPN without modifying the operating system or application software. A PC running FreeS/WAN can set up a secure tunnel in less than a second.
The software generated strong interest among the 1,800 hackers who attended the Chaos Communication Camp, the Chaos Computer Club’s first international hacker conference held outside Berlin last weekend. Among the attendees was Kurt Seifried, an independent security consultant from Edmonton, who uses FreeS/WAN to create secure networks for corporate customers.
Seifried said he is encouraged by a recent announcement by the Ontario Information and Privacy Commission that pointed out that the Internet is insecure and urged everyone to learn to use strong encryption. “Encryption is no good unless the majority of people use it,” he said.
Seifried said he implemented FreeS/WAN with a retail client, Best Computers, in Edmonton, which needed a system to let stores securely access inventory in real time. He looked at the PPTP network protocol for Windows NT servers but decided it was too insecure.
“PPTP is a total disaster. L0phtcrack (a hacking tool) just goes through it like a buzz saw,” said Seifried, who has posted a 177-page guide to Linux security on the Web.
Instead, Seifried used FreeS/WAN to connect client machines on either side of two firewalls. He said it created a negligible load on the network and could be run on cheap US$500 PCs with two network cards to create a gateway. The system costs $3,000 in hardware for five locations, as opposed to $15,000 for a commercial VPN, Seifried said.
FreeS/WAN’s biggest drawback, according to Seifried, is that the last stable release is several months old and it doesn’t work with the new Linux kernel Version 2.0. He advised users to examine several FreeS/WAN snapshots and recommended the June 14 snapshot.
Speaking in a camp workshop, FreeS/WAN developer Hugh Daniels said his software is especially useful for e-commerce, banking and financial interests that are losing money to theft and fraud.
“The entire finance system of the world leaks like a sieve,” Daniels said. “Our goal is transparent encryption.”