ACCU Home page ACCU Conference Page
Search Contact us ACCU at Flickr ACCU at GitHib ACCU at Google+ ACCU at Facebook ACCU at Linked-in ACCU at Twitter Skip Navigation

Search in Book Reviews

The ACCU passes on review copies of computer books to its members for them to review. The result is a large, high quality collection of book reviews by programmers, for programmers. Currently there are 1918 reviews in the database and more every month.
Search is a simple string search in either book title or book author. The full text search is a search of the text of the review.
    View all alphabetically
Title:
Protecting Networks with SATAN
Author:
Martin Freiss
ISBN:
1 56592 425 8
Publisher:
O'Reilly
Pages:
112pp
Price:
£14-95
Reviewer:
Adrian Wontroba
Subject:
internet; security
Appeared in:
11-6
Many of us will remember the storm over the 1995 release of this useful tool by Wietse Venema and Dan Farmer. SATAN's full name is Security Administrator's Tool for Analysing Networks, which succinctly describes what it does - inspect a network for known security weaknesses and report upon them. These vulnerabilities are reputedly widely known in cracking circles and ought to be known to system administrators. Like any sharp tool, it can be abused. Users should bear in mind the concluding words in SAMBA's README file - SATAN was written to improve Internet security. Don't put our work to shame.

This short, well-written book appears to be aimed at people who are relative novices to network security and should be useful to them. In its 112 pages it:

  • Contains a foreword from Wietse Venema.
  • Summarises the basics of network security.
  • Explains how to obtain and build SATAN. Be aware that SATAN's primary home has moved from the address given. Check outftp://ftp.porcupine.org/pub/security/index.html.
  • Describes the process of performing a security audit, including the importance of not probing outside ones own network without permission, which is often interpreted as an attack.
  • Explains:
    • why the weaknesses SANTA searches for are security problems and ways of plugging the holes.
    • How to modify and extend SATAN.
    • How to detect if somebody is running SATAN against your machines, and what to do about it.
    • Why just getting a clean report doesn't mean that your network is secure and outlines what you should start thinking about next.
  • Gives some useful references to other material.
(This review was written for the UK Unix User Grouphttp://www.ukuug.org/and is reproduced with their permission.)