Review of Protecting Networks with SATAN

Protecting Networks with SATAN
Martin Freiss
O'Reilly & Associates

Reviewed by Nick Christenson,

July 7, 1998

In 1995, the computer security tool knows as SATAN was released prompting numerous articles in the popular press predicting that it would touch off an avalanche of security break-ins that would devastate the Internet. Of course, as the authors predicted, this catastrophe never occurred, and SATAN took its place as a very useful tool for discovering security vulnerabilities in one's network. In 1997, Martin Freiss wrote Protecting Networks with SATAN as a guide to using this powerful software tool. It was originally published in German, and now has been translated into English by Robert Bach.

The book begins with a brief description of network security and then describes how to obtain, build, and install SATAN. Next, Freiss provides information on how to conduct network scans with SATAN and describes what SATAN can test for and how it works. The book also provides information on writing one's own SATAN modules, suggested SATAN countermeasures, and concludes with some general security advice in a chapter entitled "Beyond SATAN".

The writing isn't top flight, but the explanations are clear and the prose is no worse than I'd expect from a competently translated text. The information it provides appears correct to me, although I found the sections on general network security to be pretty sparse. Since they're only provided as background and the reader is referred to excellent sources in the bibliography, this isn't a problem. The book is short, but this is no disgrace. The author has chosen a narrow topic to focus on, has explained it with sufficient clarity, and has wisely elected not to waste the reader's time with filler material. I applaud the brevity of the book and wish that more technical authors would consider writing this efficiently.

It seems to me that the main reasons why the press felt that SATAN's release could result in such widespread chaos were its ease of use and familiar Web interface. In my opinion, the most remarkable qualities of this software package are it's intriguing inference engine, which infers connections between vulnerable computers, and it's easy extendibility. While the book does a nice job of explaining these features, SATAN's user-friendliness makes one wonder if the book is really necessary at all. I really didn't find much substantive information here that isn't immediately available in the SATAN documentation. What I did find new was in the chapters on Detecting and Repelling SATAN attacks and Extending and Adapting SATAN. However, this isn't quite enough to make me able to recommend this book.

I suppose if one is having problems figuring out the documentation, or expects to have some difficulty in writing a SATAN extension, the book would prove useful. Further, at a price less than $20, it's not an extravagant expense, but if one is already successfully using SATAN, I really don't expect that this book would be all that necessary or even terribly helpful, as the SATAN documentation does a pretty good job of covering the same ground.


Protecting Networks with SATAN covers much the same ground as the SATAN documentation itself. If one is having difficulty making SATAN do what one wants, this book may prove useful, but I really can't recommend buying it unless this is the case.

Click here to return to the index of reviews.