WWDSI

  • Design Goals


    SAINT was not built to solve any single problem; rather, it was built as a research tool, to see what would happen if freely available state-of-the-art software tools were merged with as much security knowledge as we could pool together and crammed into one (at least semi-)cohesive package. Our design goals were:

    • Discover if the problem of mapping out the security of large networks was a solvable problem.
    • Use the traditional Unix toolbox approach of program design.
    • Use as many freely available, currently useful software tools as possible, to cut development time to a minimum.
    • Design a security package that was educational as well as useful.
    • Create a tool that was freely available to anyone who wanted to use it.
    • Discover and uncover as much security and network information as possible without being destructive.
    • Create the best (and, at the creation/development stages, quite nearly the only) investigative security network tool available, at any price.
    • Spur further program development (commercial or academic) in this very rich area.
    • Show just how insecure the Internet really is, and how much every site depends on a large number of potentially insecure other sites.

    Toolkit approach

    Like many programs of this size, SAINT is made up of other, smaller programs. Why re-invent the wheel, right?

    Speed/optimization

    Optimizing SAINT for speed of execution was not much of a design consideration. It was designed to be an information-gathering tool that would be run periodically; a fairly large network (say, a thousand nodes) can be scanned in several hours. In all likelihood, most of the time spent using SAINT will go to deciding what actions to take based on the results it found. In any case, network timeouts and uncertainties make real optimization very difficult. Fortunately, Perl was fast enough to make performance a non-issue for most network queries and work. However, with the introduction of firewalls into the equation, the issue of speed becomes less and less important. SAINT takes no more than 1000 seconds to determine its targets against a firewalled network. This is something we didn't like, but couldn't help.