THE VIRGINIAN-PILOT
Copyright (c) 1995, Landmark Communications, Inc.
DATE: Monday, April 10, 1995 TAG: 9504080169
SECTION: BUSINESS WEEKLY PAGE: 06 EDITION: FINAL
COLUMN: DOUBLECLICK
LENGTH: Long : 114 lines
Doubleclick authors Richard and Roger Grimes of Norfolk happen to be twin brothers and computer authorities. Their discourse on life in the computer lane appears every other week in Hampton Roads Business Weekly.
Richard: Ah, it's spring and the sweet smell of panicking computer professionals is in the air. Naturally, Satan is at the bottom of it.
Roger: Satan is a new network analyzer designed by a Californian named Dan Farmer in conjunction with another programmer in the Netherlands. Satan is an acronym standing for Security Administrators Tool for Analyzing Networks. The software lives for one thing: probing networks connected to the Internet and reporting their security weaknesses.
Richard: Have you seen this Dan Farmer guy? He has long red hair and wears leather jackets. He looks like the lead in a really mean version of Annie.
Security wonks are not only afraid that his look will come into style, but that people will use this guy's software to infiltrate networks, steal passwords and circulate nude pictures of Congress members.
Roger: Mr. Farmer celebrated his 33rd birthday by distributing free copies of his software on the Internet. Satan only probes networks, it doesn't actually hack into the system. Probing tools like this have been around a long time, and Satan's release only bothers people for two reasons.
Richard: It's free and it's easy. You don't need to be a computer genius with a rich aunt in ill health to probe networks anymore. Satan's point and click interface actually works a lot like an Internet World Wide Web browser. You type in the address of the host you want to probe and select the level of scanning. Satan does the rest.
Roger: Most people shouldn't worry too much about Satan. First, the bad guys need a Unix computer to run the software. Until Farmer makes a Windows version, a lot of would-be hackers are out of luck. Secondly, you need to have an Internet host site to be affected.
Richard: Notice that he said host ``site'', not host ``account''. Unless you're one of the bigger kids on the block, like Infinet or NASA, you're probably safe. Likewise, your local Novell network technoids can heave a sigh of relief.
Roger: Satan probes for 10 basic weaknesses, all of which have been well documented. If your host site is vulnerable to any of these weaknesses, your site needs some work anyway.
Plus, an intrepid programmer has already designed the first anti-Satan piece of software and it's called Courtney. Named after the programmer's daughter, Courtney notifies you if someone attempts to probe your network using Satan.
Richard: I'm not sure who's creepier - Dan Farmer or the guy who named Courtney after his daughter. How do you explain that to your kid? ``Sorry, honey, I can't play tea party with you, I'm busy coding software that metaphorically pits you against the Prince of Darkness?'' Gee, thanks Dad.
Roger: Courtney can be found at http://ciac.llnl.gov/pub/ciac/sectools /unix/.
Richard: If you want a copy of Satan - keep your Sunday school lessons in mind - Satan is everywhere. If you can't find this program - give up your hacking career.
More deviltry
Roger: Now, we're going to look at the pros and cons of businesses offering interest free loans to their employees for the purchase of computer equipment. Unfortunately, both Richard and I think it's a good idea. One of us is going to have to play, uh, devil's advocate, and this time, it's Richard.
Richard: It is?
Roger: Yep. I flipped a coin in the car on the way over here. You lost.
Richard: Swell.
Roger: Good job, you're already being adversarial. Basically, a computer purchase incentive plan works like this: The company provides a full-time employee a three year interest-free loan to buy a computer. The company then deducts the loan payment from the employee's paycheck.
Richard: Sounds good to me.
Roger: You're a tough devil's advocate.
Richard: Here come the hard questions, brother. Why should a company bother?
Roger: Because once your employees buy a computer, they'll train themselves. How did you and I learn about computers? We bought one. Help your employees buy a computer and they will help your company on their own time by learning to operate those computers and the software packages on them.
Richard: So basically, the idea is to let employees erase their own personal files and accidentally reformat their own hard drives before they come into work and experiment with computers on the network.
Roger: Good summation. But you're forgetting the benefits that the employee accrues. They get a computer at little or no interest charge. They become more marketable as they gain more computer skills. And, if the company negotiates a volume deal with a distributor, the employee probably gets a computer dirt cheap.
Richard: Again a free market triumphs, and safety and democracy are restored. How about this scenario, though? I use the employee purchase program to buy an old Commodore Vic 20 and two monitors because I like seeing things twice. I also order an antique dot matrix printer. Then, one day I show up at work wearing nothing but a Speedo swim suit and a fur coat.
Roger: I assume your boss fires you for this.
Richard: The politically correct term is ``decruitment.'' Anyway, suddenly I can't pay off my loan. How does the company deal with that?
Roger: Either you pay off the loan when you leave the company or you give the company your equipment.
Also, your company will not authorize you to buy any equipment except guaranteed equipment that is compatible with your company network. You wouldn't be allowed to buy a Vic 20, two monitors or an incredibly old printer. Worst case scenario, if you default, they end up with a usuable computer for less money. MEMO: The coin flipper can be reached at groger(AT)infi.net
The Speedo model can be reached at rgrimes(AT)infi.net
ILLUSTRATION: AP Photo
Californian Dan Farmer designed the Satan analyzer softwear to probe
computer networks and report any security weaknesses.
by CNB