Re: Time For New Security Package? (was Re: new iss stuff)

[iceman () mbnet mb ca (Oliver Friedrichs)]

On Tue, 10 May 1994, Tom Fitzgerald wrote:

> do, and COPS already has lots of useful name-recognition.  Second, Gene
> Spafford mentioned that he had someone already working on something like
> this, so I'd be careful not to duplicate effort

Don't forget about SATAN (whenever it will be publicly released).  From
Appendix A of Dan Farmer and Wietse Venema's paper - _Improving the
Security of Your Site by Breaking Into it_:

Appendix A:

SATAN (Security Analysis Tool for Auditing Networks)

Originally conceived some years ago, SATAN is actually the prototype of
a much larger and more comprehensive vision of a security tool.  In its
current incarnation, SATAN remotely probes and reports various bugs and
weaknesses in network services and windowing systems, as well as
detailing as much generally useful information as possible about the
target(s).  It then processes the data with a crude filter and what
might be termed an expert system to generate the final security
analysis.  While not particularly fast, it is extremely modular and easy
to modify.

SATAN consists of several sub-programs, each of which is an executable
file (perl, shell, compiled C binary, whatever) that tests a host for a
given potential weakness.  Adding further test programs is as simple as
putting an executable into the main directory with the extension ".sat";
the driver program will automatically execute it.  The driver generates
"live" targets), and then executes each of the programs over each of the
targets.  A data filtering/interpreting program then analyzes the
output, and lastly a reporting program digests everything into a more
readable format.

The entire package, including source code and documentation, will be
made freely available to the public, via anonymous ftp and by posting it
to one of the numerous source code groups on the Usenet.


- Oliver