ANNOUNCE: SLAN (802.11 wireless network security package) under GPL
Max Parke
mhp at lightlink.com
Wed Jun 13 21:46:50 EDT 2001
OVERVIEW
Current 802.11 wireless LANs suffer from a lack of security and
accountability. Because attackers no longer need to be physically
connected to your network, they can more easily break in without being
detected. Also, current networks are not well protected against
eavesdropping; sensitive information can be intercepted with relative
ease, and without your being aware of it. For example, the recent
attacks against WEP (a common wireless security protocol) illustrate
the weaknesses of current implementations. Also, there is currently no
good way to identify which users are using excessive network bandwidth
or to charge users for network traffic or connection time.
The SLAN software is designed to solve these security problems on
802.11 wireless networks[1] with the following features:
* AUTHENTICATION
Users must supply a valid username and password before being
allowed to access the network
* ENCRYPTION
All network traffic is encrypted to prevent unauthorized
eavesdropping. Further, all connections are verified both by
client and server to prevent "impersonation" attacks
* ACCOUNTING
Each client's usage is recorded to permit charging for network
bandwidth use, as well as connect time, on a per-user basis[2]
* SLAN IS FREE SOFTWARE AND OPEN SOURCE
SLAN is released under the GNU General Public License (GPL); there
are no licensing or other fees associated with its use or
redistribution
SLAN is based on VPN (Virtual Private Network) technology. A VPN
creates a secure tunnel that can be used to transfer information
across potentially hostile networks. Typically a portion of this
tunnel goes through one or more wireless links, and in some cases, the
public Internet.
SLAN software consists of two components:
* CLIENT
The client software runs in each end-user's PC. Currently there
are client versions available for Windows (95/98/ME), and Linux.
* SERVER
The server software acts as the "other end" of the VPN tunnel in
the network. A single instance of the server software can support
several clients. Depending on your requirements, you may run a
number of SLAN servers distributed throughout your network, or a
single centralized SLAN server can be set up to handle all
clients. The server component runs under Linux.
SLAN client and server work together to make each client appear like
any other IP node on a LAN or WAN. Each client is dynamically assigned
a unique IP address at connect time by the SLAN server. This process
is similar to the way that LAN clients obtain their IP addresses using
DHCP, or the way that traditional dial-up clients are assigned
temporary IP addresses from a pool, using PPP. When the client
disconnects (or the connection times out), the IP address is released
and made available for reassignment to other clients.
NOTES
[1] SLAN works well over any LAN or WAN; a wireless network isn't
required. Some features of SLAN are optimized specifically for
wireless networks; however, SLAN won't break if run on a conventional
wired network.
[2] The current version of SLAN provides accounting data output in raw
form; further processing of the data is required in order to handle
billing and charging, etc. These back-end functions are currently
beyond the scope of the SLAN project.
AVAILABILITY
SLAN is released under the GPL; the Web page (including download area)
may be found at
http://slan.sourceforge.net/
----- End forwarded message -----