SAINT (software)

Last updated May 30, 2024

SAINT (Security Administrator's Integrated Network Tool) is computer software used for scanning computer networks for security vulnerabilities, and exploiting found vulnerabilities.

SAINT Network Vulnerability Scanner

The SAINT scanner screens every live system on a network for TCP and UDP services. For each service it finds running, it launches a set of probes designed to detect anything that could allow an attacker to gain unauthorized access, create a denial-of-service, or gain sensitive information about the network.^[1]^[2]

SAINT provides support to the Security Content Automation Protocol (SCAP) specification as an Unauthenticated Vulnerability Scanner and Authenticated Vulnerability and Patch Scanner.^[3] SAINT is also an approved scanning vendor with the Payment Card Industry (PCI).^[4]

The Four Steps of a SAINT Scan:

Step 1 – SAINT screens every live system on a network for TCP and UDP services.
Step 2 – For each service it finds running, it launches a set of probes designed to detect anything that could allow an attacker to gain unauthorized access, create a denial-of-service, or gain sensitive information about the network.
Step 3 – The scanner checks for vulnerabilities.
Step 4 – When vulnerabilities are detected, the results are categorized in several ways, allowing customers to target the data they find most useful.

SAINT can group vulnerabilities according to severity, type, or count. It can also provide information about a particular host or group of hosts. SAINT describes each of the vulnerabilities it locates; references Common Vulnerabilities and Exposures (CVE), CERT advisories, and IAVA (Information Assurance Vulnerability Alerts); and describes ways to correct the vulnerabilities. In many cases, the SAINT scanner provides links to patches or new software versions that will eliminate the detected vulnerabilities.^[5]

A vulnerability is a flaw in a system, device, or application that, if leveraged by an attacker, could impact the security of the system. Exploits take advantage of a vulnerability by compromising or destructing the vulnerable system, device, or application. Remediation is the process of repairing or providing a remedy for a vulnerability, thereby eliminating the risk of being exploited. Vulnerability scanning is used to identify and evaluate the security posture of a network. Historically, scanners were developed for specific purposes such as scanning only Windows desktops, applications, or network devices. SAINT offers heterogeneous scanning that identifies vulnerabilities across operating systems, desktop applications, network devices, Web applications, databases, and more.

SAINTexploit Penetration Testing Tool

The integrated penetration testing tool, SAINTexploit, demonstrates the path an attacker could use to breach a network and quantifies the risk to the network. SAINTexploit includes a Web site emulator and e-mail forgery tool.^[6]

Penetration testing tools from SAINT are designed to simulate both internal and external real-world attacks. This type of testing identifies the methods of gaining access to a target and understanding the techniques used by attackers. There are many levels and types of penetration testing and the scope of the project should be well defined. Targets included in the scope could include popular protocols, network devices, databases, Web applications, desktop applications, and various flavors of operating systems.

SAINT focuses on the development of exploits where a shell can be established. A shell, or shellcode, is where all exploits included offer a command shell/direct connection to the target from the computer performing the testing. Exploits target operating systems, desktop applications, databases, Web applications, protocols, and network devices. The most common exploit types included in SAINTexploit include the following:

Remote Exploit – These attacks are launched across the Internet or network against a vulnerable target without the user having previous access to the system.
Client Exploit – The victim must access the attacker's resource for a successful attack to take place. Common client exploits include e-mail forgery attacks, enticing the user to visit a Web site, or to open a file.
Local Exploit – In order to launch a local attack, the attacker must have previous access to the victim. (Also known as privilege elevation and tunneling). In this case, the victim's machine is used as the launch pad for connecting to other vulnerable targets.

SAINTmanager Remote Management Console

SAINT's remote management console, SAINTmanager, enables enterprise-wide vulnerability scanning. The browser-based console provides the ability to centrally manage an entire network of SAINT vulnerability scanners from a single interface.

SAINTCloud

SAINTCloud enables cloud based vulnerability scanning, penetration testing, and compliance audits without having to download and install software.

History

The SAINT (Security Administrator's Integrated Network Tool) network vulnerability scanner was based on SATAN (Security Administrator Tool for Analyzing Networks) which was developed by Dan Farmer and Wietse Venema and released in 1995. SAINT Corporation (formerly World Wide Digital Security, Inc. (WWDSI)) continued development and released SAINT in July 1998. WWDSI changed its name to SAINT Corporation in January 2002.

SAINT products are developed by SAINT Corporation, headquartered in Bethesda, Maryland.

Related Research Articles

An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic. Such behavior frequently includes gaining control of a computer system, allowing privilege escalation, or a denial-of-service attack. In lay terms, some exploit is akin to a 'hack'.

Telnet is a client/server application protocol that provides access to virtual terminals of remote systems on local area networks or the Internet. It is a protocol for bidirectional 8-bit communications. Its main goal was to connect terminal devices and terminal-oriented processes.

In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. The range of attacks varies widely, spanning from inundating a server with millions of requests to slow its performance, overwhelming a server with a substantial amount of invalid data, to submitting requests with an illegitimate IP address.

A vulnerability scanner is a computer program designed to assess computers, networks or applications for known weaknesses. These scanners are used to discover the weaknesses of a given system. They are utilized in the identification and detection of vulnerabilities arising from mis-configurations or flawed programming within a network-based asset such as a firewall, router, web server, application server, etc. Modern vulnerability scanners allow for both authenticated and unauthenticated scans. Modern scanners are typically available as SaaS ; provided over the internet and delivered as a web application. The modern vulnerability scanner often has the ability to customize vulnerability reports as well as the installed software, open ports, certificates and other host information that can be queried as part of its workflow.

SOCKS is an Internet protocol that exchanges network packets between a client and server through a proxy server. SOCKS5 optionally provides authentication so only authorized users may access a server. Practically, a SOCKS server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded. A SOCKS server accepts incoming client connection on TCP port 1080, as defined in RFC 1928.

<span class="mw-page-title-main">Nmap</span> Network scanner

Nmap is a network scanner created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.

A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities.

A white hat is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. Under the owner's consent, white-hat hackers aim to identify any vulnerabilities or security issues the current system has. The white hat is contrasted with the black hat, a malicious hacker; this definitional dichotomy comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat, respectively. There is a third kind of hacker known as a grey hat who hacks with good intentions but at times without permission.

In computer networking, port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of prespecified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s). A variant called single packet authorization (SPA) exists, where only a single "knock" is needed, consisting of an encrypted packet.

A penetration test, colloquially known as a pentest, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. The test is performed to identify weaknesses, including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.

TCP/IP stack fingerprinting is the remote detection of the characteristics of a TCP/IP stack implementation. The combination of parameters may then be used to infer the remote machine's operating system, or incorporated into a device fingerprint.

<span class="mw-page-title-main">Metasploit</span> Computer security testing tool

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.

Security testing is a process intended to detect flaws in the security mechanisms of an information system and as such help enable it to protect data and maintain functionality as intended. Due to the logical limitations of security testing, passing the security testing process is not an indication that no flaws exist or that the system adequately satisfies the security requirements.

On computer networks, a service scan identifies the available network services by attempting to initiate many sessions to different applications with each device in a target group of devices. This is done by sending session initiation packets for many different applications to open ports on all of the devices specified in the target group of devices. This scan is done across a wide range of TCP, UDP. A service scanner will identify each device it finds along with the services that it finds on the ports that it scans.

<span class="mw-page-title-main">Idle scan</span>

An idle scan is a TCP port scan method for determining what services are open on a target computer without leaving traces pointing back at oneself. This is accomplished by using packet spoofing to impersonate another computer so that the target believes it's being accessed by the zombie. The target will respond in different ways depending on whether the port is open, which can in turn be detected by querying the zombie.

Dynamic application security testing (DAST) represents a non-functional testing process to identify security weaknesses and vulnerabilities in an application. This testing process can be carried out either manually or by using automated tools. Manual assessment of an application involves human intervention to identify the security flaws which might slip from an automated tool. Usually business logic errors, race condition checks, and certain zero-day vulnerabilities can only be identified using manual assessments.

Network enumeration is a computing activity in which usernames and info on groups, shares, and services of networked computers are retrieved. It should not be confused with network mapping, which only retrieves information about which servers are connected to a specific network and what operating system runs on them. Network enumeration is the discovery of hosts or devices on a network. Network enumeration tends to use overt discovery protocols such as ICMP and SNMP to gather information. It may also scan various ports on remote hosts for looking for well known services in an attempt to further identify the function of a remote host. The next stage of enumeration is to fingerprint the operating system of the remote host.

Kali Linux is a Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security. The software is based on the Debian Testing branch: most packages Kali uses are imported from the Debian repositories.

Endpoint security or endpoint protection is an approach to the protection of computer networks that are remotely bridged to client devices. The connection of endpoint devices such as laptops, tablets, mobile phones, Internet-of-things devices, and other wireless devices to corporate networks creates attack paths for security threats. Endpoint security attempts to ensure that such devices follow a definite level of compliance to standards.

Data center security is the set of policies, precautions and practices adopted at a data center to avoid unauthorized access and manipulation of its resources. The data center houses the enterprise applications and data, hence why providing a proper security system is critical. Denial of service (DoS), theft of confidential information, data alteration, and data loss are some of the common security problems afflicting data center environments.

References

↑ "SAINT Security Suite product review - SC Media US". www.scmagazine.com.
↑ "SAINT 8 Security Suite: Vulnerability management product overview".
↑ "Security Content Automation Protocol Validation Program - CSRC". nvd.nist.gov. 6 November 2017. Retrieved 29 May 2024.
↑ "Approved Scanning Vendors".
↑ "Products".
↑ "SAINT SCinnovator" (PDF). carson-saint.com. October 2019. Retrieved 22 April 2023.

External links

SAINT home page

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "SAINT Security Suite product review - SC Media US". www.scmagazine.com.

[2] "SAINT 8 Security Suite: Vulnerability management product overview".

[3] "Security Content Automation Protocol Validation Program - CSRC". nvd.nist.gov. 6 November 2017. Retrieved 29 May 2024.

[4] "Approved Scanning Vendors".

[5] "Products".

[6] "SAINT SCinnovator" (PDF). carson-saint.com. October 2019. Retrieved 22 April 2023.

[1]

[2]

[3]

[4]

[5]

[6]