Credits

It takes a lot to build a full blown 'state of the Art' Internet Hosting Service as provided by XSecHosting. It is here where we list the subsytems used to make XSecHosting Hosting Service and express the recognition so deserved, on behalf of XSecHosting, it's clients.




System, Network/Services Architecture & Design

XSystems Consultants Ltd


Responsible for providing the System, Network/Services Architecture & Design along with the research and integration that made XSecHosting possible.

http://www.xsystems.co.uk


Operating System

Ubuntu
GNU/Linux
http://www.ubuntu.com http://www.gnu.org
http://www.kernel.org


E-Mail Services

Sendmail

is the MTA or Mail Transport Agent  responsible for routing email from server to server.  Sendmail was compiled with STARTTLS providing  the TLS secured channel from your email client to the XSecHosting Server.

http://www.sendmail.org
CyrusSASL

Provides the Sendmail Service Authentication/Access Layer for Sendmail, making sure only authenticated XSecHosting users can send mail from the XSecHosting Server

http://asg.web.cmu.edu/sasl/
MIMEDefang

Implements the email filter called from the sendmail milter interface. Its job is to remove hostile MIME attachments from incoming email and to call ClamAV to do the anti-virus checking

http://www.mimedefang.org/
ClamAV


Detects and isolates/removes known Viruses from emails. It's called from MIMEDefang

http://www.clamav.net/
MilterSPF

Implements the the sender Policy Protocol in sendmail via its milter interface. It's an anti spam measure designed to assist in server authentication.

http://spf.pobox.com/
WU-IMAP


Provides the Authentication and Access to your eMail over an SSL secured channel. Implements both the IMAPs and POPs protocols.

http://www.washington.edu/imap
SpamAssassin

SpamAssassin is a mail filter to identify spam. It is an intelligent email filter which uses a diverse range of tests to identify unsolicited bulk email, more commonly known as Spam. It also uses the Vipuls' Razor and Pyzor databases to assist in Spam detection  It's called before finally delivering an email. and its' settings are set from Usermin Interface

http://spamassassin.apache.org/
Vipul's Razor

is a distributed, collaborative, spam detection and filtering network. Through user contribution, Razor establishes a distributed and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out known spam

http://razor.sourceforge.net/
Pyzor

is a collaborative, networked system to detect and block spam using identifying digests of messages.

http://pyzor.sourceforge.net/
SquirrelMail

Implements the XSecHosting WebMail Services. Supporting a wealth of features including the ability to use GPG for digital signitures and/or (en/de)cryption.

http://www.squirrelmail.org/
MailMan


Implements the XSecHosting email list services.

http://www.gnu.org/software/mailman/



WWW Services

Apache HTTP Server

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards


http://www.apache.org
   
HTTP Service Support Modules
 
mod_php


mod_php embeds a persistent PHP interpreter in the Apache webserver. Thus overhead of starting an external interpreter and avoids the penalty Interpreter start-up time, thus accelerating PHP based dynamic content



http://www.php.net
mod_perl




as mod_php only it embeds the Perl Interpreter.



http://perl.apache.org
mod_python




as mod_php only it embeds the Python Interpreter



http://www.modpython.org
mod_ssl

provides strong cryptography for the Apache webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL. In a word its what make the https protocol possible in  the Apache webserver.


http://www.modssl.org
   
HTTP Service Support Libraries
 
mcrypt

Libmcrypt, which contains encryption functions, and provides a standardized mechanism for accessing them. Use by PHP



http://mcrypt.sourceforge.net
mhash


Mhash is a free (under GNU Lesser GPL) library which provides a uniform interface to a large number of hash algorithms. These algorithms can be used to compute checksums, message digests, and other signatures. Used by PHP



http://mhash.sourceforge.net
mm


OSSP mm is a 2-layer abstraction library which simplifies the usage of shared memory between forked (and this way strongly related) processes under Unix platforms. Used by PHP



http://www.ossp.org/pkg/lib/mm
mcal

Modular Calendar Access Library. libmcal is a C library for accessing calendars. It's written to be very modular, with pluggable drivers. One of the main drivers it handles is ICAP. ICAP is an internet protocol that has very close ties with the IMAP protocol. Using ICAP, you can access a calendar in very much the same way as you use IMAP to access a remote mailbox


http://sourceforge.net/projects/libmcal
   
wv2
wv is a library and access which allows access to Microsoft Word files. It can load and parse Word 2000, 97, 95 and 6 file formats. (These are the file formats known internally as Word 9, 8, 7 and 6.) There is some support for reading earlier formats as well: Word 2 docs are converted to plaintex.
libwmf
is a library for reading vector images in Microsøft's native Windøws Metafile Format (WMF) and for either (a) displaying them in, e.g., an X window; or (b) converting them to more standard/open file formats such as, e.g., the W3C's XML-based Scaleable Vector Graphic (SVG) format.


http://wvware.sourceforge.net
   
gd

GD is an open source code library for the dynamic creation of images by programmers. GD is written in C, and "wrappers" are available for Perl, PHP and other languages. GD creates PNG, JPEG and GIF images, among other formats. GD is commonly used to generate charts, graphics, thumbnails, and most anything else, on the fly.


http://www.boutell.com/gd
imagemagick

ImageMagick®, is a free software suite to create, edit, and compose bitmap images. It can read, convert and write images in a large variety of formats. Images can be cropped, colors can be changed, various effects can be applied, images can be rotated and combined, and text, lines, polygons, ellipses and Bézier curves can be added to images and stretched and rotated.


http://www.imagemagick.org
netpbm


Netpbm is a package of graphics programs and a programming library. There are over 220 separate programs in the package, most of which have "pbm", "pgm", "ppm", "pam", or "pnm" in their names.



http://netpbm.sourceforge.net
   
HTTP Service Scripting Languages  
PHP




One of the more popular scripting languages.



http://www.php.net
Perl





Another one of the more popular scripting languages.



http://www.perl.org
Python




And another one of the more popular scripting languages.



http://www.python.org
Ruby




This is a newer scripting language, and it is fast becoming one of the more popular scripting languages.



http://www.ruby-lang.org
   
CMS (Content Management Systems)
 
PostNuke

PostNuke is one of the most powerful open source content management systems in the world (source http://www.postnuke.com).  (XSecHosting: With over 1000 themes and masses of modules there probably right, hence this is the XSecHosting recommended CMS).


http://www.postnuke.com
Xoops


XOOPS is an extensible, OO (Object Oriented), easy to use dynamic web content (XSecHosting: Not quite as many modules, themes as Postnuke. There is a debate as to whether or not it is as easy to use as PostNuke!). 



http://www.xoops.org
Typo3

TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets. It offers full flexibility and extendability while featuring an accomplished set of ready-made interfaces, functions and modules. (XSecHosting: Truely a stellar Effort by a 'brother', however there is currently a lack in the themes department).


http://typo3.com
http://typo3.org
   
HTTP Service Statistics
 
AWStats

AWStats is a free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically. This log analyzer works as a CGI or from command line and shows you all possible information your log contains, in few graphical web pages.



http://awstats.sourceforge.net
Webalizer

The Webalizer is a fast, free web server log file analysis program. It produces highly detailed, easily configurable usage reports in HTML format, for viewing with a standard web browser.



http://www.mrunix.net/webalizer


SSL/TLS and other Security Implementation Mechanisms

OpenSSL

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library

http://www.openssl.org
OpenSSH

OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.  XSecHosting users use scp/sftp to upload webpages, with various appropriate client software (see below: )

http://www.openssh.com
GnuTLS

GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group. Some Subsystems seem to prefer this implementation instead of  openSSL.

http://www.gnu.org/software/gnutls
loop-aes



provides process interface to the kernel encryption functions in the form of loopback devices, used for creating encrypted swap space (XSecHosting recommends encrypting swap space) and other disk partitions/filesytems.



http://loop-aes.sourceforge.net
FreeS/WAN

an implementation of IPSEC & IKE for Linux. IPSEC is Internet Protocol SECurity. It uses strong cryptography to provide both authentication and encryption services. Authentication ensures that packets are from the right sender and have not been altered in transit. Encryption prevents unauthorised reading of packet contents.


http://www.freeswan.org
OpenS/WAN


Openswan is an Open Source implementation of IPsec for the Linux operating system. Is it a code fork of the FreeS/WAN project.

http://www.openswan.org
GnuPG (Gnu Privacy Guard for Encryption & Digital Signitures)

provides the eMail/File level digital signing and (en/de)crypting functions, used in Squirrelmail (the XSecHosting webMail tool) and enigmail the transparent Mozilla (the BCIGNet recommended browser/email suite) emailer plugin (works with Thunderbird too).

http://www.gnupg.org


PK (GPG/PGP public key) Services

 OpenPGP Public Key Server

Provides the peered XSecHosting public key service used by GnuPG in the Squirrelmail (the XSecHosting webMail tool) and enigmail the transparent Mozilla (the BCIGNet recommended browser/email suite) emailer plugin (works with Thunderbird too).

http://pks.sourceforge.net

CA (Certificate Authority) Services

OpenCA

The OpenCA Project is a collaborative effort to develop a robust, full-featured and Open Source out-of-the-box Certification Authority implementing the most used protocols with full-strength cryptography world-wide. XSecHosting CA Services uses OpenCA to maintain it's server certificate  infrastructure.

http://www.openca.org


System Monitoring, Intrusion Detection, and Firewalls

Snort

Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Over the years Snort has evolved into a mature, feature rich technology that has become the de facto standard in intrusion detection and prevention.


http://www.snort.org
Snare


The Snare Micro Server is a program that provides a central collection facility for a variety of log sources.

Snare for Linux provides a 'C2' or 'CAPP' style audit subsystem for the Linux operating sysystem. It can be used as a standalone auditing tool for Linux, or can send data to the Snare Server for analysis and storage.

RazorBack is a GUI log analysis program that interfaces with the SNORT open source Intrusion Detection System to provide real time visual notification when an intrusion signature has been detected on the network.




http://www.intersectalliance.com/
projects/index.html
LIDS


The Linux Intrusion Detection System (LIDS) is a kernel patch and admin tools which enhances the kernel's security by implementing Mandatory Access Control (MAC).


http://www.lids.org
Firestorm NIDS



Firestorm is an extremely high performance network intrusion detection system (NIDS).



http://www.scaramanga.co.uk/firestorm
AIDE


AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more.


http://www.cs.tut.fi/~rammer/aide.html
   
KMyFirewall




KDE  based Firewall  GUI for linux IPTables



http://kmyfirewall.sourceforge.net
GuardDog




another KDE based Firewall GUI for linux IPTables

http://www.simonzone.com/
software/guarddog
FireStarter



Gnome based Firewall GUI for linux IPTables



http://www.fs-security.com
   
ntop



ntop is a network traffic probe that shows the network usage, similar to the popular top Unix command



http://www.ntop.org/ntop.html
Nefu



nefu monitors network services and reports outages. Working from a discription of the network topography



http://rsug.itd.umich.edu/software/nefu/
HeartBeat




checks/informs a server is up and running. as server monitor heart beat forms the basis for High Availability failover solutions



http://www.linux-ha.org
Mon



Service Monitoring Process mon is a general-purpose scheduler and alert management tool used for monitoring service availability and triggering alerts upon failure detection.



http://www.kernel.org/software/mon/


Load Balancing and High Availability

keepalived



keepalived is a userspace process for LVS cluster nodes health checks and LVS directors failover


http://www.keepalived.org/
LVS


The Linux Virtual Server is a highly scalable and highly available server built on a cluster of real servers, with the load balancer running on the Linux operating system


http://www.linuxvirtualserver.org/
Piranha





The Redhat project based on LVS to create load balanced and highly available network services from which ideas and componets where taken.



http://www.redhat.com/
software/rha/
cluster/piranha/
Ultamonkey



another project based on LVS to create load balanced and highly available network services from which ideas and components where taken.


http://www.ultramonkey.org/
   
Coda

Coda is an advanced networked filesystem implementing
  • server replication
  • encryption and access control
  • continued operation during partial network failures in server network
  • network bandwith adaptation
 


http://www.coda.cs.cmu.edu/
RAID

Redundant Arrays of inexpensive disks configured  on BCISGnet configured as Raid I or Disk Mirroring for 

Built in to the Kernel with tools part of the Slackware Distibution, mentioned here because of the import role played in High Availabiliy Systems
No Logo or Link required
LVM

LVM is a Logical Volume Manager for the Linux operating system, as RAID it's built in to the Linux kernel with tools part of the Slackware Distribution
No Logo or Link required



Databases and Active Directories

OpenLDAP



OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol.



http://www.openldap.org
MySQL



The MySQL database server is the world's most popular open source database. (source http://www.mysql.com)



http://www.mysql.com
PostgreSQL



PostgreSQL is a highly scalable, SQL compliant, open source object-relational database management system



http://www.postgresql.org/


System/User (remote) Administration

Webmin




Webmin is a web-based interface for system administration for Unix. XSecHosting mainly uses it for mysql administration.



http://www.webmin.com
Usermin


Usermin is a web-based administration interface for users. XSecHosting users use this module to set things like SpamAssassin detection thresholds, White and Blacklists, and other mail related setting eg for procmail the mail delivery program.



http://www.webmin.com/index6.html