Send us e-mail: slan@ithacaweb.com

SLAN ("secure LAN", pronounced ess-LAN) is, simply put, yet another virtual private networking system. It is not appropriately named, since it does not, by default, make an insecure, "sniffable" LAN secure. SLAN does, however, attempt to provide a secured link to the Internet or a larger network over an untrusted broadcast link such as an 802.11 wireless link or non-switched Ethernet.


The development of this project was motivated by the insufficient security mechanisms built into the IEEE 802.11 wireless networking standard. Lightlink Internet, a local ISP here in Ithaca, wants to launch a city-wide and potentially larger 802.11 public wireless network, yet still offer data privacy for its customers even though their data is being broadcast over radio waves to, more or less, the entire city.


The SLAN project was created and developed to provide an easily changeable (or rather, fixable and upgradeable -- we should all know that real network security is a continuous effort, not a one-stop shop), open-source software solution to this problem. It provides client authentication, server/service authentication, data privacy (encryption) and integrity (MAC) using per-session, per-user short-lived keys (as opposed to long-term shared secrets like a WEP password), and the ability to add any feasible features that the client or service provider finds useful and convenient, such as bandwidth accounting, account status, network status, etc.

The resulting development is a virtual private network system, designed mostly with the intent to protect the link between the client's machine and the service provider's internal networking infrastructure, which is assumed (for the context of this project anyway) to be physically secure against privacy violations. SLAN DOES NOT PROTECT YOUR DATA ON THE INTERNET. However, the current design is flexible enough that it could be used for secured remote access through the Internet to a company or organization's private internal network, the way most other VPN implementations are intended to work. Our focus, however, was the link between the service provider's physically secured backbone network and the client, which for us is a broadcast medium requiring very little effort or expense for a passive adversary to eavesdrop on.