An Introduction to SAINT

Abstract

Vulnerability analysis is an important part of a good security program. While there are many commercial tools available for performing vulnerability analysis, for enterprises with a large number of hosts these tools can be cost prohibitive. There are some free tools that are available, such as SATAN (Security Administrator's Tool for Analyzing Networks), but many are out-of-date. While conducting a vulnerability analysis for a customer with several thousand hosts, we decided to update SATAN and create a new, up-to-date, vulnerability analysis tool called SAINT (Security Administrator's Integrated Network Tool). SAINT includes all the tests performed by SATAN, plus many additional tests for new vulnerabilities, including Back Orifice, NetBus, statd, open SMB shares, and ToolTalk. This presentation will include the origins of SAINT, how SAINT works, what SAINT tests for, and the future of SAINT.

Speaker Bio

Jane Lemmer is an Information Security Specialist at World Wide Digital Security, Inc. (a wholly owned subsidiary of Richard S. Carson and Associates, Inc., where she is a Director). Jane has a B.S. in Computer Science from the University of Delaware and a Masters of Information Systems from Virginia Tech. She has been working in the computer industry for over 13 years and has been working in the computer security field for the past three years. She specializes in conducting vulnerability assessments, risk assessments, and developing security plans. She recently presented a briefing "Vulnerability Assessment using SAINT" at the 11th Annual FIRST (Forum of Incident Response and Security Teams) Conference on Computer Security and Incident Handling, held June 1999 in Brisbane, Australia.