From: Max Parke [mhp@lightlink.com]
Sent: Thursday, June 14, 2001 4:50 PM
To: sectools@securityfocus.com
Subject: ANNOUNCE: SLAN (802.11 wireless network security package) under GPL

OVERVIEW

Current 802.11 wireless LANs suffer from a lack of security and accountability. Because attackers no longer need to be physically connected to your network, they can more easily break in without being detected. Also, current networks are not well protected against eavesdropping; sensitive information can be intercepted with relative ease, and without your being aware of it. For example, the recent attacks against WEP (a common wireless security protocol) illustrate the weaknesses of current implementations. Also, there is currently no good way to identify which users are using excessive network bandwidth or to charge users for network traffic or connection time.

The SLAN software is designed to solve these security problems on 802.11 wireless networks[1] with the following features:

* AUTHENTICATION
  Users must supply a valid username and password before being allowed to access the network

* ENCRYPTION
  All network traffic is encrypted to prevent unauthorized eavesdropping. Further, all connections are verified both by client and server to prevent "impersonation" attacks

* ACCOUNTING
  Each client's usage is recorded to permit charging for network bandwidth use, as well as connect time, on a per-user basis[2]

* SLAN IS FREE SOFTWARE AND OPEN SOURCE
  SLAN is released under the GNU General Public License (GPL); there are no licensing or other fees associated with its use or redistribution

SLAN is based on VPN (Virtual Private Network) technology. A VPN creates a secure tunnel that can be used to transfer information across potentially hostile networks. Typically a portion of this tunnel goes through one or more wireless links, and in some cases, the public Internet.

SLAN software consists of two components:

* CLIENT
  The client software runs in each end-user's PC. Currently there are client versions available for Windows (95/98/ME), and Linux.

* SERVER
  The server software acts as the "other end" of the VPN tunnel in the network. A single instance of the server software can support several clients. Depending on your requirements, you may run a number of SLAN servers distributed throughout your network, or a single centralized SLAN server can be set up to handle all clients. The server component runs under Linux.

SLAN client and server work together to make each client appear like any other IP node on a LAN or WAN. Each client is dynamically assigned a unique IP address at connect time by the SLAN server. This process is similar to the way that LAN clients obtain their IP addresses using DHCP, or the way that traditional dial-up clients are assigned temporary IP addresses from a pool, using PPP. When the client disconnects (or the connection times out), the IP address is released and made available for reassignment to other clients.

NOTES

[1] SLAN works well over any LAN or WAN, a wireless network isn't required. Some features of SLAN are optimized specifically for wireless networks; however, SLAN won't break if run on a conventional wired network.

[2] The current version of SLAN provides accounting data output in raw form; further processing of the data is required in order to handle billing and charging, etc. These back-end functions are currently beyond the scope of the SLAN project.

AVAILABILITY

SLAN is released under the GPL; the Web page (including download area) may be found at http://slan.sourceforge.net/