Security Administrator Tool for Analyzing Networks
| Security Administrator Tool for Analyzing Networks | |
|---|---|
| Basic data
|
|
| developer | Dan Farmer , Wietse Venema |
| Current version | 1.1.1 (1995) |
| operating system | unix-like systems |
| programming language | Pearl |
| category | Vulnerability Scanner |
| www.porcupine.org/satan | |
The Security Administrator Tool for Analyzing Networks ( SATAN for short ) is a vulnerability scanner . It is mainly written in Perl and has a front end for web browsers ( web interface ) such as Netscape , Mosaic or Lynx back then. This easy-to-use interface enabled the scanning process and presented the results in a summarized form. SATAN also provided a considerable amount of network information, such as the hosts connected to the network, what kind of machines they are and what services they offer.
history
Dan Farmer and Wietse Venema published the "seminal article" in 1993, Improving the Security of Your Site by Breaking Into It, in which they described ways to assess the security of a system from the outside, from the perspective of a potential attacker. On the basis of these considerations, they published the SATAN two years later. The first version (0.1 beta) was released on April 5th, 1995.
In contrast to the security analysis tools widespread at the time, such as COPS ( Computer Oracle and Password System ) and Tiger , which only allowed the system to be examined from the inside, SATAN offered a view of security from the perspective of the attacker. At the time, it was considered the first user-friendly scanner of its kind, especially because of the web interface.
The publication of the program led to mixed reactions. While, on the one hand, the availability of a comprehensive analysis tool that does not compromise the system was welcomed, on the other hand, it was criticized that attackers were given too powerful a tool. It turned out, however, that scans performed with SATAN were easy to spot and therefore had limited utility as an attack tool.
The English writer Neil Gaiman provided illustrations for the documentation.
Further development
The development of the program was stopped in 1995; the last official version (1.1.1) appeared on April 11, 1995.
There are two further developments:
- SARA (System Auditors Research Assistant), which was actively developed for 14 years based on the last SATAN version. From Advanced Research Corporation, which appeared in 1995 and is based on SATAN. Last updated on August 1, 2009 in version 7.9.2a.
- SAINT (Security Administrator's Integrated Network Tool) from SAINT Corporation (until January 2002 "World Wide Digital Security, Inc.", "WWDSI"), which was first published in July 1998. The current version v7.8 was released on May 6, 2011.
See also
literature
- Farmer, Dan; Venema, Wietse: Improving the Security of Your Site by Breaking Into It , 1993, Internet white paper
Web links
- Official website (English)
Individual evidence
- ↑ Info About SATAN Center for Education and Research in Information Assurance and Security, accessed March 9, 2011
- ^ Hontañón, Ramón J .: Linux Security: Craig Hunt Linux Library. , 2001, Wiley, ISBN 978-0782127416 , page 126 ff
- ↑ http://www.porcupine.org/satan/bulletins/sun.txt
- ↑ a b Bosworth, Seymour; Kabay, Michel E .: Computer Security Handbook. 2002, Wiley, ISBN 978-0471412588 , page 16ff
- ↑ Garfinkel, Simson; Spafford, Gene; Schwartz, Alan: Practical Unix & Internet Security. 2003, 3rd edition, O'Reilly, ISBN 978-0596003234 , page 893
- ↑ http://www-arc.com/sara/
- ↑ Security Auditor's Research Assistant (SARA) Retrieved July 17, 2011
- ↑ Saint Cooperation ( Memento of the original from July 20, 2011 in the Internet Archive ) Info: The archive link was automatically inserted and not yet checked. Please check the original and archive link according to the instructions and then remove this notice. Retrieved July 17, 2011
