[ISN] Openness critical for strong security: SATAN author
isn at c4i.org
Fri Feb 10 02:08:36 EST 2006
By David Braue
10 February 2006
Building secure software doesn't have to be complicated; it just takes
a commitment to secure design, and an upfront willingness to work
within the unique development environment that is open source.
That was the message from Wietse Venema, a Dutch programmer with IBM
who visited Melbourne this week for SECURECon, a three-day technical
conference highlighting a range of current security issues and
remediation strategies for developers.
Venema, long a figurehead in the open source and Unix worlds, is best
known for his creation of Postfix (initially known as Secure Mailer),
a widely used e-mail server application that he wrote to improve upon
the dominant but flawed SendMail application. Postfix, developed while
Venema was on a six-month research stint at IBM, has since become the
standard mailer in Mac OS X and numerous versions of Linux.
Even as it continues to evolve today -- the latest version of Postfix
was released last month -- the program was significant in that it
brought open-source software to the attention of IBM head Lou
Gerstner, who in 1998 read a New York Time article on the software and
pushed IBM into a formal open-source strategy. IBM is now one of the
major contributors of code to the open-source movement.
Broad distribution and takeup of the software helped Postfix grow from
a short-term project into an ongoing effort, and Venema was quick to
credit the scores of open-source developers who have continually
improved the system's design.
"It's not difficult to build a decent mail system, but it's very easy
for people with poorly designed countermeasures too destroy it," he
said. "Systems that are not built to be secure will always be like
Swiss cheese -- full of holes. You can't make systems secure by just
patching the holes."
Venema enjoyed mainstream notoriety in the late 1990s as United States
media launched a fire-and-brimstone attack on the PhD-qualified
physicist, who partnered with fellow security expert Dan Farmer to
release SATAN (Security Administrator Tool for Analyzing Networks).
Designed as a strong automated probe for weaknesses in any system it
targeted, histrionic observers believed Venema and Farmer's tool would
destroy the information economy by giving hackers powerful tools to
bring down major Web sites.
Releasing the system was important, Venema decided, because such
security problems could only be fixed if they were known about. His
own testing of SATAN found that many systems, even those directly
connected to secure systems, had vulnerabilities that were open to
exploitation. After inadvertently leaving an early version of SATAN
running overnight during its development, Venema found the application
had followed a "web of interdependencies" between insecure systems
that had taken its probing halfway across the Netherlands.
"I found that even people who were very careful about their systems,
like my colleagues, had either file sharing relationships or logging
relationships with other systems that were wide open," he recalls.
"Basically, nearly every system had a bad neighbour."
Ferreting out these bad neighbours would help everyone concerned,
Venema released -- and the eventual release of the open-source SATAN
ultimately proved less controversial than expected. Network
administrators "discovered all kinds of stuff they didn't know about,"
"They didn't know there were all these Web servers running on peoples'
machines, or even on machines they didn't know about. At the time,
people just didn't scan their systems like that. It used to be that
people could get fired for running SATAN, but now they can get fired
for not running it."
More information about the ISN