Re: Kane Security Analyst
Peter Stephenson (pstephen@versalink.com)
Sun, 12 Jan 1997 10:05:54 -0500
At 01:20 PM 1/8/97 -0500, you wrote:
>Does anyone on the list have any experience/insights/information on Kane
>Security Analyst by Intrusion Detection, Inc? I'd appreciate any real
>world successes or failures encountered in the use of this product.
>
>_________________________________________________________________
>James Cannady | Research Scientist
>Georgia Tech Research Institute | Voice: (404) 894-9730
>Georgia Institute of Technology | FAX : (404) 894-9081
>347 Ferst Dr., Room 154 |
>Atlanta, Georgia 30332-0840 | james.cannady@gtri.gatech.edu
>_________________________________________________________________
>
I have mixed emotions about the KSA. We used to use it for all of our
configuration audits for our clients until we had serious trouble with the
NT reporting. We could never get it to print reports properly to files
(required for embeding into overall audit or risk reports). Also, recent
reviews have not been kind to them, especially as regards support. We have
a small traveling license, but we have only used a very few servers and we
discontinued its use nearly a year ago.
In my experience the NetWare version is quite good and very robust for
NetWare 3.X. It is light years ahead of Bindview from the perspective of
ease of use and clean analysis. Bindview provides much more raw data but
expects you to interpret more than KSA does. I have not used the KSA on
NetWare 4.X. The reviewers didn't like the password cracking which they
said was weak.
The NT version I used (an early one) did not work well, especially, as I
said, the report writer (I was told it depends upon NT and that's why it
doesn't work well - that's just the kind of poor support I think the
reviewers probably ran into) which was flakey.
A little background might be useful here. I've known Robert Kane for many
years. He's a talented security specialist and programmer. He invented the
KSA and like many entrepreneurs in the security business started off very
small (not, as some do, however, as shareware or freeware - just small). He
traveled the shows, made alliances with people like MIS Training Inst. and,
generally, peddled his wares himself. His early products were quite good
and very innovative. He was the first to suggest that you could have an
audit tool for NetWare that a monkey could use and a skilled security
specialist would find useful as well. He developed a user interface which
is still the core of the product(s) and probably its best point. His
product (NetWare 3.x at that time) began to get very good reviews and became
popular. He was, really, the only game in town except for Bindview.
Recently (in the past couple of years or less) got a partner. He started to
expand. IMHO his product quality and his level of support hasn't been the
same since. Today, without serious changes in both the KSA and the company
I would not buy the product. We now use AXENT Technologies' ESM products to
accomplish the same thing as KSA. They work on all platforms including Unix
and are more reliable, just as easy to use and the support is better (AXENT
is a public company with adaquate resources).
Just my 2 cents worth. I have huge respect for Robert, but I think he's
gone in a wrong direction.
--P
----------------------------------------------------------------------
Peter Stephenson, InfoSEC Technologies div. of Sanda International Corp.
Rochester Hills, MI - (810) 650-2699, (810) 375-2717 fax
http://www.versalink.com - info@versalink.com
----------------------------------------------------------------------