SATAN Presented By Rick Rossano 4/10/00. OUTLINE What is SATAN? Why build it? How it works Capabilities Why use it? Dangers of SATAN Legalities Future.


1 SATAN Presented By Rick Rossano 4/10/00

2 OUTLINE
– What is SATAN?
– Why build it?
– How it works
– Capabilities
– Why use it?
– Dangers of SATAN
– Legalities
– Future Directions

3 What is SATAN?
– SATAN (Security Analysis Tool for Auditing Networks)
– Examines remote hosts & networks

4 What is SATAN (cont.)
– Gathers information about potential security flaws such as:
    – Incorrectly set up or configured network services
    – Poor policy decisions
    – Well known bugs in: Systems Network Utilities

5 What is SATAN (cont.)
– Also gathers information about:
    – Network topology
    – Webs of trust (more to come)
    – Hardware and software resident on network
– SATAN is a research tool
– Not designed to solve any particular problem

6 Why Build SATAN?
– To learn about network security with respect to large networks
– To show how insecure the Internet really is

7 Why Build SATAN (cont.)
– Design Goals:
    – To discover if problem of mapping security of large networks is solvable
    – To find maximum information about network security without being destructive

8 Why Build SATAN? (cont.)
– Design Goals (cont.)
    – To make package available to anyone
– Why?
    – Because limiting access to information about security problems hinders the abilities of system administrators
    – Weakens the integrity of the Internet

9 Web of Trust
– Definition:
    – When local resources of a server can be accessed or compromised by a client with or without proper authorization
– Trust is weak if:
    – Client authentication is weak
    – Client authentication is outside system administrator’s domain
    – Security of client is outside system administrator’s domain
– At least one case is usually present when a host is trusted

10 Web of Trust (cont.)
– Trust is transitive
    – A→B and B→C, therefore A→C.
– Trust in networks can bind otherwise disjoint hosts
– Sites depend on one another
– Sites could be insecure, compromising sites that trust them
– Leads to a weaker network

11 How SATAN Works
– Has target acquisition program that uses fping to find hosts
– Target list then passed to data collection engine
– Data collection engine checks if target has been probed yet
– If not …

12 How SATAN Works (cont.)
– SATAN examines network services of remote host:
    – NFS (Network File System): file sharing protocol in UNIX
    – NIS (Network Information Services): naming service that allows resources to be added, deleted and modified
    – ftp
    – tftp (trivial file transfer protocol): used with diskless workstations

13 How SATAN Works (cont.)
– SATAN can then:
    – Report information to user
    – Use simple rule-based system to investigate potential security problems
– Data collected is then stored
– SATAN uses HTML browser
    – Output can be analyzed or queried by user

14 Capabilities
– So far there has only been limited research
– SATAN has found the following problems in networks:
    – NFS file systems exported to arbitrary hosts
    – NFS file systems exported to unprivileged hosts
    – NIS password file access from arbitrary hosts
    – Arbitrary files accessible via tftp

15 Capabilities (cont.)
– SATAN’s exploratory mode
    – Where SATAN’s power comes from
    – Traverses web of trust and dependency
    – Performs analysis of secondary, tertiary hosts, etc.
    – Gives a clearer picture of overall network security and possible avenues of attack

16 SATAN’s weaknesses
– SATAN is not optimized for speed of execution
    – Designed for periodic runs over large networks of over 1000 nodes
    – Normal scanning time is several hours
– SATAN will not run on Macs or PCs unless running UNIX
– Has not been tested on other OSes like Linux

17 Why Use SATAN?
– Mostly designed for system administrators
– Intruders will be able to access the same security vulnerability information, which is why it is effective
– Will likely uncover previously unknown problems or weaknesses in network

18 Dangers of SATAN
– SATAN can be used by potential intruders and hackers
– Works because it uses same techniques
– SATAN can be used to probe a network without authorization

19 Dangers of SATAN (cont.)
– Even well-intentioned system administrators can let SATAN traverse webs of trust and probe beyond their authority
– Could anger neighbors and/or lead to legal problems

20 Controlling SATAN
– Best if run behind firewall
– Proximity Level setting determines the number of hops away from target to probe
    – 1 hop: will only probe hosts adjacent to user in web of trust

21 Controlling SATAN (cont.)
– Uses targeting exception variables, which specify which hosts the user can, cannot, and must probe
    – $dont_attack_these
        – Used to avoid .gov and .mil hosts, for example
    – $only_attack_these
        – Used to specify a certain network like .edu
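
How transitive trust (slide 10) interacts with the proximity level and the targeting exceptions (slides 20 and 21), as an added sketch that is not SATAN's own code. The host names and trust edges are constructed, `plan_scan` is a hypothetical helper, and matching exceptions by host-name suffix is an assumed simplification.

```python
from collections import deque

# Constructed web of trust (hypothetical hosts): TRUST[h] lists the hosts that a
# probe of h reveals as trust peers, e.g. through NFS exports.
TRUST = {
    "audit.cs.example.edu": ["nfs.cs.example.edu", "lab1.cs.example.edu"],
    "nfs.cs.example.edu": ["backup.example.edu"],
    "lab1.cs.example.edu": ["partner.example.gov"],
    "backup.example.edu": ["vendor.example.com"],
    "partner.example.gov": ["hq.example.mil"],
}

def plan_scan(start, trust, max_proximity, only=(), dont=()):
    """Walk the web of trust breadth-first from `start`.

    Returns (in_scope, skipped): hosts that would be probed with their hop
    count, and hosts that were discovered but rejected, with the reason.
    Rejected hosts are never expanded, so trust behind them is not followed.
    """
    in_scope, skipped = {start: 0}, {}
    queue = deque([start])
    while queue:
        host = queue.popleft()
        for peer in trust.get(host, []):
            if peer in in_scope or peer in skipped:
                continue
            hops = in_scope[host] + 1
            if hops > max_proximity:
                skipped[peer] = "beyond proximity level"
            elif any(peer.endswith(s) for s in dont):
                skipped[peer] = "on the dont list"
            elif only and not any(peer.endswith(s) for s in only):
                skipped[peer] = "not on the only list"
            else:
                in_scope[peer] = hops
                queue.append(peer)
    return in_scope, skipped

if __name__ == "__main__":
    start = "audit.cs.example.edu"
    for label, kwargs in [
        ("proximity 1", dict(max_proximity=1)),
        ("unlimited, no exceptions", dict(max_proximity=99)),
        ("unlimited, edu only, no gov/mil",
         dict(max_proximity=99, only=(".example.edu",), dont=(".gov", ".mil"))),
    ]:
        probed, rejected = plan_scan(start, TRUST, **kwargs)
        print(f"{label}: probe {sorted(probed)}; skip {rejected}")
```

With no limit and no exceptions the walk reaches the constructed .gov and .mil hosts three hops out, which is the scope creep slide 19 warns about.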

22 Legality of SATAN
– So far, no known charges filed against anyone for running a security tool
– Legality is not yet clear for doing so
– Running a security tool against a remote site without permission is “probably” illegal.
– Be careful

23 SATAN’s Future
– Hoping to graphically display network maps
– Hoping to graphically display webs of trust
– MORE TESTING!!!!

24 QUESTIONS ?

