When IT security consultants attend hacker conferences, they have high expectations for finding open-source security tools tested in hostile environments. One that meets the standard for hacker information technology consultants is the FreeS/WAN project's free, open-source Linux-based server software that uses strong encryption to create secure data tunnels between any two points on the Internet -- a needed alternative to expensive, proprietary virtual private networks (VPN).
FreeS/WAN uses the IPSec protocol, an interoperable global standard for securing IP connections. It automatically encrypts data packets at 6 bit/sec. and creates secure gateways in a VPN without modifying the operating system or application software. A PC running FreeS/WAN (http://www.xs4all.nl/freeswan) can set up a secure tunnel in less than a second.
The software generated strong interest among the 1,800 hackers who attended the Chaos Communication Camp, the Chaos Computer Club's first international hacker conference, held here last week. Among the attendees was Kurt Seifried, an independent security consultant from Edmonton, Alberta, who uses FreeS/WAN to create secure networks for customers.
Seifried said he's encouraged by an announcement from the Ontario Information and Privacy Commission, which pointed out that the Internet wasn't secure and urged everyone to learn to use strong encryption. "Encryption is no good unless the majority of people use it," he said.
Seifried said he implemented FreeS/WAN with a client, Best Computers in Edmonton, which needed a system to let stores securely access inventory in real time. He looked at the PPTP network protocol with Windows NT servers but decided it was too insecure. "PPTP is a total disaster. L0phtcrack just goes through it like a buzz saw," said Seifried, who has posted a guide to Linux security on the Web.
Instead, Seifried used FreeS/WAN to connect client machines on either side of two firewalls. He said it created a negligible load on the network and could be run on US$500 PCs with two network cards to create a gateway. The system cost $3,000 in hardware for five locations, as opposed to $15,000 for a commercial VPN, he said.
FreeS/WAN's biggest drawbacks, Seifried said, are that the last stable release is several months old and it doesn't work with the Linux kernel Version 2.0. He said he advises users to examine FreeS/WAN snapshots and recommends the June 14 one.
At the camp, FreeS/WAN developer Hugh Daniels said his software is useful for e-commerce and financial interests that lose money to theft and fraud. "The entire finance system of the world leaks like a sieve," Daniels said. "Our goal is transparent encryption."
SIDEBAR: Hackers on Holiday Network, Party
At the outdoor computing event of the summer, 1,800 hackers gathered at the Chaos Communication Camp in a field outside Berlin this week. Hackers on holiday swapped security tools, viewed lock-picking demonstrations, discussed encryption politics and went for dips in the local lake.
Organised by the Berlin-based Chaos Computer Club (CCC), the camp featured a sculpted spaceship and a "landing area" illuminated by glowing neon pillars.
Hackers in tents were connected by CAMPnet, a switched Gigabit Ethernet that was billed as the largest civilian open-air Internet network ever created. CAMPnet supported 1,500 hosts, a 34M-bit/sec. Internet link and an aggregated Internet bandwidth of 20M bit/sec. Seventeen "data toilet" portable potties housed network routers. A camper who attempted to attack the network found himself cleaning toilets.
The camp's featured event was the Linux Death Match, in which teams of network administrators tried to halt one another's network services. The match was won by a team of people from Munich who chose not to attack, but instead to fortify their machine with FreeBSD (an open-source operating system like Linux) tools.
The camp's re-engineering awards went to a group that altered identification numbers on Global System for Mobile Communications cell phones and another team that defeated a biometric fingerprint-scanning system.
CCC spokesman Andy Müller-Maguhn noted that unlike the U.S., which imposes export restrictions on strong encryption, German politicians listened to advice from the hacker community and then chose not to impose similar controls.
"People here are always thinking critically about fascism, so people want to drive the technology, not be driven by it," Müller-Maguhn said.
Wuzz, a waffle vendor from Brandenburg, Germany, said he saw no racism at the event, which, he said, is unusual in eastern Germany.
"Look at this place," Wuzz said. "Do you see any rubbish, any people fighting? This is a very special kind of Woodstock."