Security & Encryption Software
Administration Interface for Web Server Resources
This solution is a Tk-based administrator interface used for managing web server resources along with appropriate access permissions.
In general, the administrative interface provides an administrator-friendly environment that allows for X.509 certificate-based management of groups, users, access control rules, web hosts and web resources.
The project additionally involved developing special plug-in modules for both Apache and Microsoft IIS Web servers for access control to server resources based on user SSL/X.509 certificate information.
Tools & technologies used: GNU/Linux, MS IIS, Apache 1.2.x, Tcl/Tk, X.509
Secure VPN for Corporate LANs
This project involved the development of a specialized software solution that provides secure access and tunnelling capabilities for various resources within Local Area Networks.
The software operates in an insecure, hostile environment such as the public Internet, while ensuring safe and secure communications. Authentication and authorization of users is based on X.509 client certificates, with the option to use other authentication resources such as Radius, Kerberos, NIS/YP, ActiveDirectory or LDAP.
Users are able to access a variety of resources from the internal network, such as:
- Web resources
- SSH and Telnet accounts
- Windows Terminal Service (RDP) resources
- Mail servers via SMTP, POP3 and IMAP4
- Windows (SMB), FTP and NFS file repositories
- X11 Window System sessions
The maintenance personnel have access to a number of administration facilities, including:
- Transaction-based configuration control with ability to rollback
- Resource list modification
- Users and groups permission management
- Configuration of the fall-back authentication services
- Basic system configuration and monitoring (date and time, system logs, active connections)
- Tunnelling configuration
The administrator's identity is determined according to an X.509 client certificate.
Tools & technologies used: GNU/Linux, OpenSSL, X.509, Radius, Kerberos, NIS+, LDAP, Active Directory, Ruby, Java, RDP, X11, SMTP/POP/IMAP, CIFS, NFS, FTP, SSH
Secure Instant Messenger
A real-time conference and instant messaging software designed to secure and encrypt file and data transfers and communications via LAN (Local Area Network) and the Internet. Intended for both corporate users and individuals, the messenger utilizes time-tested CAST (128-bit key), Triple DES (168-bit key), and Blowfish (448-bit key) ciphers for encrypting messages and files to ensure the best level of security possible.
The system can be configured to work in three different encryption modes: public-key mode (using 3072-bit Diffie-Hellman key-exchange protocol), symmetric mode (using a secret passphrase), and PGP-compatible mode (using an existing Pretty Good Privacy installation).
Tools & technologies used: Delphi, Visual C++, JDK, JSDK, JSP, Perl, Jabber, CryptLib, PGP SDK, symmetric and public key encryption algorithms, SSL, ASPack, Linux, Apache, Resin, IIS, Berkeley DB, CVS, WinCVS, SSH 1.
Secure Plug-in for MSN Messenger
This plug-in for MSN and Windows Messenger is designed to enhance the functionality of the original Microsoft products in terms of security and privacy. It can encrypt MSN conferences and file and data transfers, and is capable of saving the conference log as either an encrypted or a non-encrypted file. In addition, the software provides further security features for Windows/MSN Messengers, such as monitoring the important registry keys.
The plug-in can be configured to work in two different encryption modes: public-key mode (using the Elliptic Curve Diffie-Hellman key-exchange protocol) and symmetric mode (using a secret passphrase). The software uses the time-tested AES-192 cipher for encrypting messages and files.
Tools & technologies used: Visual C++ 6.0 SP5, WinAPI, COM, TCP/IP, WinSock, MSN Messenger API, Key Exchange and Digital Signature algorithms (based on elliptic curves scheme), Symmetric and public key encryption algorithms, MFC, ATL, WTL, STL, Rational Rose, Microsoft Visio.
Multifunctional Firewall Appliance
The Firewall Appliance is a software package for multifunctional network devices, based on GNU/Linux technology. The Appliance provides the following services:
1. Network filter/Firewall. Based on the Linux iptables feature, with an intuitive user model available in the native client administration tool. Features easy-to-use blacklists and service-based access control.
2. Mail server with support for SMTP, POP3 and IMAP protocols that handles virtual mail domains, aliases and user quotas. Based on Postfix MTA.
3. Proxy server. Provides HTTP, HTTPS and FTP access based on ACL. The proxy supports the SOCKS5 protocol, based on the Squid and Dante packages.
4. Name server based on Bind that handles private and external DNS zones.
5. Web server that permits device users to publish their personal web pages.
6. Anonymous FTP server based on vsftpd.
7. Statistics subsystem that gathers and displays statistics on firewall rules, network interface usage, HTTP/FTP traffic and so on.
8. File server based on Samba that hosts SMB file shares for an internal network.
9. QoS support for controlling quality of service for several categories of traffic and users.
10. Network time protocol support.
11. Configuration system. Implements a transaction-based core with pluggable modules, and a web-based or Tcl/Tk front-end. Modules exist for each of the above-mentioned services, as well as for generic system settings, network interfaces, disk volumes and user management. Written in Ruby.
Tools & technologies used: Linux, IPTables, Squid, SOCKS, BIND, Ruby, HTML, Tcl/Tk.
Secure Firewall/VPN Appliance Management Solution
This is a solution designed to provide rich management capabilities for multiple proprietary Virtual Private Network (VPN) appliances, primarily targeting companies with distributed networks that need to ensure safe communications between various network environments, including the public Internet.
The VPN/Firewall manager dramatically facilitates the task of managing thousands of Firewall/VPN appliances from a central location while additionally offering:
- Supreme security and ease-of-use. Device status monitoring, reporting, maintenance and upgrades can be performed hassle-free over a secure SSL connection;
- Multi-tier architecture with support for role-based access, multiple administrator accounts, and logical grouping of appliances;
- Platform independence delivered by a J2EE- and J2SE-compliant runtime environment.
Tools & technologies used: JDBC API, Enterprise JavaBeans (EJB2), JMS, JSSE, Servlets, Swing.