
SAINT Home
|
Design Goals
SAINT was not built to solve any single problem; rather, it was built as
a research tool, to see what would happen if freely available state of the
art software tools were merged with as much security knowledge as we could
pool together were crammed into one (at least semi-)cohesive package.
Our design goals were:
- Discover if the problem of mapping out the security of large networks
was a solvable problem.
- Use the traditional Unix toolbox approach of program design.
- Use as many freely available software tools that were currently
useful and available, to cut down development time to a minimum.
- Design a security package that was educational as well as useful.
- Create a tool that was freely available to anyone who wanted to use it.
- Discover and uncover as much security and network information as
possible without being destructive.
- Create the best (and, at the creation/development stages, quite nearly the
only) investigative security network tool available, at any price.
- Spur further program development (commercial or academic) in this very
rich area.
- Show just how insecure the Internet really is, and how much every
site depends on a large number of potentially insecure other sites.
Toolkit approach
As with any program of this size, it is often made up of other smaller
programs. Why re-invent the wheel, right?
Speed/optimization
Optimizing SAINT for speed of execution was not much of a design
consideration. It was designed to be an information gathering tool
that would be run periodically; a fairly large network (say, a
thousand nodes) can be scanned in several hours. In all likelihood, the
majority of time consumed when using SAINT will be deciding on what
actions to take based on the results that were found. In any case, the
network timeouts and uncertainties make real optimization very
difficult. Fortunately, perl was fast enough to make
performance a non-issue for most network queries and work. However,
with the introduction of firewalls into the equation, the issue of speed
becomes even less and less important. SAINT is takes no more than a 1000
seconds to determine it's targets against a firewalled network. This is
something we didn't like, but couldn't help.
Back to the Introductory TOC/Index
|