Security Administrator Tool for Analyzing Networks

SATAN
Original author(s) Dan Farmer and Wietse Venema
Written in Perl, Shell scripts
Operating system Unix
Size 767k, uncompressed
Available in English
Type Security software
Website www.porcupine.org/satan/

Security Administrator Tool for Analyzing Networks (SATAN) was a free software vulnerability scanner for analyzing networked computers. SATAN captured the attention of a broad technical audience, appearing in PC Magazine [1] and drawing threats from the United States Department of Justice. [1] It featured a web interface, complete with forms to enter targets, tables to display results, and context-sensitive tutorials that appeared when a vulnerability had been found.

Naming

For those offended by the name SATAN, the software contained a special command called repent, which rearranged the letters in the program's acronym from "SATAN" to "SANTA".

Description

The tool was developed by Dan Farmer and Wietse Venema. Neil Gaiman drew the artwork for the SATAN documentation.

SATAN was designed to help systems administrators automate the process of testing their systems for known vulnerabilities that can be exploited via the network. This was particularly useful for networked systems with multiple hosts. Like most security tools, it could be used for good or malicious purposes: it was also useful to would-be intruders looking for systems with security holes.

SATAN was written mostly in Perl and used a web browser such as Netscape, Mosaic or Lynx to provide the user interface. This easy-to-use interface drove the scanning process and presented the results in summary format. As well as reporting the presence of vulnerabilities, SATAN also gathered large amounts of general network information, such as which hosts were connected to subnets, what types of machines they were and which services they offered. [2]

Status

SATAN's popularity diminished after the 1990s. It was released in 1995 and development has ceased. In 2006, SecTools.Org conducted a security popularity poll and developed a list of 100 network security analysis tools in order of popularity based on the responses of 3,243 people. Results suggest [3] that SATAN has been replaced by nmap, Nessus and to a lesser degree SARA (Security Auditor's Research Assistant), and SAINT.

Related Research Articles

Device driver: Computer program that operates or controls a device that is attached to a computer

In computing, a device driver is a computer program that operates or controls a particular type of device that is attached to a computer or automaton. A driver provides a software interface to hardware devices, enabling operating systems and other computer programs to access hardware functions without needing to know precise details about the hardware being used.

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed and often masks its existence or the existence of other software. The term rootkit is a compound of "root" and the word "kit". The term "rootkit" has negative connotations through its association with malware.

Nmap: Network scanner

Nmap is a network scanner created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.

Wietse Venema: American computer scientist

Wietse Zweitze Venema is a Dutch programmer and physicist best known for writing the Postfix email system. He also wrote TCP Wrapper and collaborated with Dan Farmer to produce the computer security tools SATAN and The Coroner's Toolkit.

Nessus is a proprietary vulnerability scanner developed by Tenable, Inc.

TCP Wrappers is a host-based networking ACL system, used to filter network access to Internet Protocol servers on (Unix-like) operating systems such as Linux or BSD. It allows host or subnetwork IP addresses, names and/or ident query replies, to be used as tokens on which to filter for access control purposes.

A white hat is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. Under the owner's consent, white-hat hackers aim to identify any vulnerabilities or security issues the current system has. The white hat is contrasted with the black hat, a malicious hacker; this definitional dichotomy comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat, respectively. There is a third kind of hacker known as a grey hat who hacks with good intentions but at times without permission.

Vulnerabilities are flaws in a computer system that weaken the overall security of the device/system. Vulnerabilities can be weaknesses in either the hardware itself, or the software that runs on the hardware. Vulnerabilities can be exploited by a threat actor, such as an attacker, to cross privilege boundaries within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerabilities are also known as the attack surface. Constructs in programming languages that are difficult to use properly can also manifest large numbers of vulnerabilities.

Dan Farmer: American computer security researcher and programmer

Dan Farmer is an American computer security researcher and programmer who was a pioneer in the development of vulnerability scanners for Unix operating systems and computer networks.

The Computer Oracle and Password System (COPS) was the first vulnerability scanner for Unix operating systems to achieve widespread use. It was created by Dan Farmer while he was a student at Purdue University. Gene Spafford helped Farmer start the project in 1989.

Metasploit: Computer security testing tool

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.

Crack is a Unix password cracking program designed to allow system administrators to locate users who may have weak passwords vulnerable to a dictionary attack. Crack was the first standalone password cracker for Unix systems and the first to introduce programmable dictionary generation as well.

Intel Active Management Technology: Out-of-band management platform by Intel

Intel Active Management Technology (AMT) is hardware and firmware for remote out-of-band management of select business computers, running on the Intel Management Engine, a microprocessor subsystem not exposed to the user, intended for monitoring, maintenance, updating, and repairing systems. Out-of-band (OOB) or hardware-based management is different from software-based management and software management agents.

SAINT is computer software used for scanning computer networks for security vulnerabilities, and exploiting found vulnerabilities.

A zero-day is a vulnerability or security hole in a computer system unknown to its owners, developers or anyone capable of mitigating it. Until the vulnerability is remedied, threat actors can exploit it in a zero-day exploit, or zero-day attack.

Reverse engineering is a process or method through which one attempts to understand through deductive reasoning how a previously made device, process, system, or piece of software accomplishes a task with very little insight into exactly how it does so. Depending on the system under consideration and the technologies employed, the knowledge gained during reverse engineering can help with repurposing obsolete objects, doing security analysis, or learning how something works.

Network enumeration is a computing activity in which usernames and info on groups, shares, and services of networked computers are retrieved. It should not be confused with network mapping, which only retrieves information about which servers are connected to a specific network and what operating system runs on them. Network enumeration is the discovery of hosts or devices on a network. Network enumeration tends to use overt discovery protocols such as ICMP and SNMP to gather information. It may also scan various ports on remote hosts to look for well-known services in an attempt to further identify the function of a remote host. The next stage of enumeration is to fingerprint the operating system of the remote host.

Memory forensics is forensic analysis of a computer's memory dump. Its primary application is investigation of advanced computer attacks which are stealthy enough to avoid leaving data on the computer's hard drive. Consequently, the memory (RAM) must be analyzed for forensic information.

Vulnerability assessment is a process of defining, identifying and classifying the security holes in information technology systems. An attacker can exploit a vulnerability to violate the security of a system. Some known vulnerabilities are Authentication Vulnerability, Authorization Vulnerability and Input Validation Vulnerability.

References

  1. Tabibian, O. Ryan (April 23, 1996). "Internet Scanner Finds Security Holes". PC Magazine. Ziff Davis, Inc.
  2. Farmer, Dan; Wietse Venema (1993). "Improving the Security of Your Site by Breaking Into it". Sun Microsystems. Eindhoven University of Technology. Retrieved 30 May 2014.
  3. Heiser & Kruse (2002). Computer Forensics: Incident Response Essentials. Lucent Technologies. ISBN 0201707195.