computer security ==>
Security Administrator's Integrated Network Tool
<networking, security, tool> (SAINT, originally "Security Administrator
Tool for Analyzing Networks", SATAN) A tool written by Dan Farmer and Wietse
Venema which remotely probes systems via the network and stores its findings in
a database. The results can be viewed with an web browser. SAINT requires Perl
5.000 or better.
In its simplest mode, SAINT gathers as much information about remote hosts and
networks as possible by examining such network services as finger, NFS, NIS,
FTP, TFTP, rexd, and other services. The information gathered includes the
presence of various network information services as well as potential security
flaws - usually in the form of incorrectly setup or configured network services,
well-known bugs in system or network utilities, or poor or ignorant policy
decisions. It can then either report on this data or use a simple rule-based
system to investigate any potential security problems. Users can then examine,
query, and analyze the output with a web browser. While the program is primarily
geared toward analysing the security implications of the results, a great deal
of general network information can be gained when using the tool - network
topology, network services running, and types of hardware and software being
used on the network.
SAINT can also be used in exploratory mode. Based on the initial data collection
and a user configurable ruleset, it will examine the avenues of trust and
dependency and iterate further data collection runs over secondary hosts. This
not only allows the user to analyse his own network, but also to examine the
real implications inherent in network trust and services and help them make
reasonably educated decisions about the security level of the systems involved.
Home.
Old SATAN page.
Mailing list.
(2000-08-12)
Nearby terms:
Secure Multipurpose Internet Mail Extensions «
Secure Shell « Secure Sockets Layer « Security
Administrator's Integrated Network Tool »
Security Association » Security Association ID »
security through obscurity
computer security ==>
Security Association
<networking> The relationship between two or more entities (typically, a
computer, but could be a user on a computer, or software component) which
describes how the entities will use security services, such as encryption, to
communicate.
See RFC 1825.
(1997-07-09)
Nearby terms:
Secure Shell « Secure Sockets Layer « Security
Administrator's Integrated Network Tool «
Security Association » Security Association ID »
security through obscurity » SED
computer security ==>
Security Association ID
<networking> (SAID) A 32-bit field added to packet headers for encryption
and authentication in the proposed Internet Protocol Version 6.
(1997-07-09)
Nearby terms:
Secure Sockets Layer « Security Administrator's
Integrated Network Tool « Security Association «
Security Association ID » security through
obscurity » SED » Sed
computer security ==>
security through obscurity
<security> Or "security by obscurity". A term applied by hackers to most
operating system vendors' favourite way of coping with security holes - namely,
ignoring them, documenting neither any known holes nor the underlying security
algorithms, trusting that nobody will find out about them and that people who do
find out about them won't exploit them. This never works for long and
occasionally sets the world up for debacles like the RTM worm of 1988 (see Great
Worm), but once the brief moments of panic created by such events subside most
vendors are all too willing to turn over and go back to sleep. After all,
actually fixing the bugs would siphon off the resources needed to implement the
next user-interface frill on marketing's wish list - and besides, if they
started fixing security bugs customers might begin to *expect* it and imagine
that their warranties of merchantability gave them some sort of rights.
Historical note: There are conflicting stories about the origin of this term. It
has been claimed that it was first used in the Usenet newsgroup in
comp.sys.apollo during a campaign to get HP/Apollo to fix security problems in
its Unix-clone Aegis/DomainOS (they didn't change a thing). ITS fans, on the
other hand, say it was coined years earlier in opposition to the incredibly
paranoid Multics people down the hall, for whom security was everything. In the
ITS culture it referred to (1) the fact that by the time a tourist figured out
how to make trouble he'd generally got over the urge to make it, because he felt
part of the community; and (2) (self-mockingly) the poor coverage of the
documentation and obscurity of many commands. One instance of *deliberate*
security through obscurity is recorded; the command to allow patching the
running ITS system (altmode altmode control-R) echoed as $$^D. If you actually
typed alt alt ^D, that set a flag that would prevent patching the system even if
you later got it right.
[Jargon File]
(1994-12-15)
Nearby terms:
Security Administrator's Integrated Network Tool «
Security Association « Security Association ID «
security through obscurity » SED » Sed » SEE
|