On Tue, 4 Feb 1997, Frank Willoughby wrote:
> o The software was/is out-dated (even when it was released). If you are
> keeping your software current, then it is highly likely that your system
> will contain patches for vulnerabilities that the SANTA tool would detect.
From what I've heard, the 3rd pre-release was very aggressive, and like
all tools, it needs to remain current.
> because of problems in other areas, your system is vulnerable to being
> taken over - in spite of a report from SANTA that your system is OK.
> Use the right tool for the right job. SANTA tests (primarily) the
> networking component, and it doesn't do that very well, IMHO.
It's quite specifically targeted for networks.
>
> o The SANTA tool performs a very small portion of the tests that ISS
> and other vendors' products perform. If it doesn't test for attacks
> such as SYN-flooding or the "Ping-of-death", then it can't tell you
> if these will be a problem for you or not.
It's very difficult to run a denial-of-service attack without denying
service, don't you think? Most of us who claim it doesn't do enough are
the same ones who would claim it did too much for the bad guys if it were
released with a more aggressive suite of tests.
> o A "clean bill of health" from the SANTA tool give the sysadmin a false
> sense of security about the security of his/her systems.
If they don't know what it does, and doesn't do. This is true of *every*
analysis tool.
> o At best, the SANTA tool will tell the beginner sysadmin if they
> have overlooked something basic, but beyond that, it is useless.
It's extensible, and that's one of its main features. If you don't grow
it, then yes, it's not much more than a rubber stamp for a limited set of
vulnerabilities; that's true of any analysis tool in a dynamic environment.
> o Another nit is the choice of the name that was chosen. In one stroke,
> DF & WV managed to alienate those who are offended by the name "SATAN".
> The name SATAN signifies the epitome of evil. If the tool was intended
> to be used for good rather than evil purposes, the choice of the name
> was the worst one possible. I don't know the agenda behind the name,
> but I am curious why they chose that particular name than any of a
> multitude of other suitable names.
If the name of a program is that bad to someone, then I'd respectfully
suggest that they're in the wrong line of work. Given, if I recall
correctly, Dan's naming of a program Fuck!, SATAN could even be
considered a step up. :)
> o Further, since the source code is available, any sysadmin can add
> custom modules to the tool (OTOH, so can the hackers).
With a C compiler, any sysadmin can write nice helpful programs. On the
other hand, evil hackers can write mean and nasty programs. ?
Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts@clark.net      which may have no basis whatsoever in fact."
PSB#9280