Analyzing SAINT output

Learning how to effectively interpret the results of a SAINT scan is the most difficult part of using SAINT. This is partly because there is no "correct" security level. "Good" security is very much dependent on the policies and concerns of the site or system involved. In addition, some of the concepts used in SAINT (such as why trust and network information can be so damaging) and many of the options that can be chosen (like proximity, proximity descent, attack filters, etc.) will not be very familiar to many system administrators. It is important to read and understand the documentation to use the tool effectively.

From the control panel in the HTML interface, select Data Analysis. You will then be presented with a wealth of choices; when first learning to use the tool, the Vulnerabilities section will probably be the one of most immediate interest. In that section, the By Approximate Danger Level link is a good place to start. If a vulnerability is found, SAINT will provide links to sources of information about that vulnerability and how to fix it.

If no vulnerabilities are found, congratulations! Note that this does NOT mean that your host is secure - it simply means that SAINT could not find any problems. You might try scanning your targets at a higher level and check this again. In any case, you should investigate the other categories (Hosts and Trust) in the reporting page.

While viewing the reports, you will notice that some hosts are listed
with a red dot next to them (
Other hosts, you will notice, will have a yellow dot next to them
(
Upon further examination of the single machine scan report, you may
notice some hosts are listed with a brown dot next to them
(
And finally, you will notice that a few hosts are listed with a
green dot (

As you drill down into the reports and look at the specific vulnerabilities, you will notice that some vulnerabilities are listed beside an arrow labelled TOP 10. These are the vulnerabilities which are among the SANS Top 10 Internet Security Threats. Since these vulnerabilities account for the majority of Internet break-ins, they are of particular concern.

The best way to learn what SAINT can do for you is by using it - scanning networks and examining the results with the Report and Analysis tools can reveal interesting things about your network. Remember, anyone has access to this information, so act accordingly!

Reading, or at least browsing through, the full documentation is strongly recommended - this tutorial merely covered the very basic capabilities of SAINT. There is a wealth of possible options that can be used to unleash SAINT's full potential. Be careful, however, because it is easy to unwittingly make your neighbors think that you're trying to attack them with any scans that you run - always be certain that you have permission to scan any potential hosts that you're thinking of testing.