In reply to the honourable 'frankw@in.net' who said:
> o The software was/is out-dated (even when it was released). If you are
This assumption is incorrect. The software was designed to perform basic diagnostics
and port/services evaluation.
OTOH, all software is out-dated by the time it's released; it's only while it's still
fresh in the mind of the developer that it's new. This is especially true for patches
also. Take the latest set of sendmail patches from 8.7.x to 8.8.5 for example.
> o The SANTA tool performs a very small portion of the tests that ISS
I said satan is one component, another tool in the IS suite. I also recommend
tripwire, courtney, tcpdump, cops, tiger, hobgoblin, ISS, fwtk, crack and numerous
others to provide a well rounded toolbox. One should never rely solely on one
specific tool.
For further penetration testing write your own utilities, download the current
black-hat rootkits, and examine thoroughly the actual system being tested.
> o A "clean bill of health" from the SANTA tool gives the sysadmin a false
> sense of security about the security of his/her systems.
Any person that feels secure in their setup is at risk. A clean bill of health is
only given by a Security consultant based on sound security practices and
techniques. Using tools merely assists one here, but keep a healthy paranoia at all
times.
> o At best, the SANTA tool will tell the beginner sysadmin if they
> have overlooked something basic, but beyond that, it is useless.
What is a beginner sysadmin doing in charge of security? Security is for those with
the required expertise.
> o Another nit is the choice of the name that was chosen. In one stroke,
This is a pointless argument that has been repeated over and over; acronyms are
acronyms and usually go into /dev/null.
> o It is my understanding that a trojan horse was planted (by a hacker)
If you run checksums on the binaries and only download from the original trusted
site, then it is not an issue.
> You will probably find other tools which provide better coverage than the SANTA
> tool.
Complete coverage is not provided by any tool or tools; it is only through the IS
personnel's knowledge and diligence that one attains 'complete coverage', which
again relies partly on having a diverse range of tools to assist one in automating
basic tasks.
> o Use the right tool for the right job. A network security tool is only
> one of many tools which a skilled Information Security Officer uses
> to keep their environment secure.
This is what I have been saying all along.
> show them that our typical network security analysis services (such as
> Firewall Penetration Tests, etc.) discover far more potential problem
> areas than the SANTA tool ever could.
Assessing the risks and trouble spots in one's network/firewall is a multistep
process; rearrange as per your preferences.
1. install and run the standard tools, check versions, holes etc.
2. write and run _your_ own specific scripts and programs.
3. investigate the known problem areas
4. manually go through one's own acquired checklist of problems.
Step 1 is where one hopefully makes use of tools like satan.
Are you advising people not to make use of an available tool? Or do we continue to
reinvent the wheel?
> "much-feared" SANTA tool and the far more extensive tests that we run
> makes *quite* a favorable impression on our customers.
Impressing customers is far less important than knowing the end result will be
effective.
cheers
+------------------------------------------------------------+
| winspace@geko.net.au - Software Engineering in SQL and C++ |
+------------------------------------------------------------+
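The checksum check the reply recommends (compare a downloaded binary against the digest list published at the original trusted site before running it) as an added example in Python; it is not code from the original message. The manifest format is the one `sha256sum` writes, and the file contents and digest list are constructed here so the example runs offline.

```python
import hashlib
import os
import tempfile


def parse_manifest(text):
    """Parse '<hex digest>  <filename>' lines as written by sha256sum."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        entries[name.lstrip("*")] = digest.lower()  # '*' marks binary mode
    return entries


def sha256_file(path):
    """Stream the file through SHA-256 so large tarballs are not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(path, manifest):
    """Return 'ok', 'MISMATCH', or 'unlisted' for one downloaded file."""
    expected = manifest.get(os.path.basename(path))
    if expected is None:
        return "unlisted"  # a file the trusted site never published
    return "ok" if sha256_file(path) == expected else "MISMATCH"


def demo():
    # Constructed sample: a pristine archive and a tampered copy with bytes appended.
    good = b"example-tool 1.0 (constructed sample archive contents)\n"
    tampered = good + b"# extra bytes an attacker might append\n"
    manifest = parse_manifest("%s  example-tool-1.0.tar.gz\n"
                              % hashlib.sha256(good).hexdigest())
    results = {}
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "example-tool-1.0.tar.gz")
        for label, data in (("pristine", good), ("tampered", tampered)):
            with open(p, "wb") as f:
                f.write(data)
            results[label] = verify(p, manifest)
        q = os.path.join(d, "other.tar.gz")
        open(q, "wb").close()
        results["unlisted"] = verify(q, manifest)
    return results
```

A digest list fetched from the same mirror as the binary proves nothing; the point of the check is that the digests come from the original site the reply trusts.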