At 01:20 PM 1/8/97 -0500, you wrote: >Does anyone on the list have any experience/insights/information on Kane >Security Analyst by Intrusion Detection, Inc? I'd appreciate any real >world successes or failures encountered in the use of this product. > >_________________________________________________________________ >James Cannady | Research Scientist >Georgia Tech Research Institute | Voice: (404) 894-9730 >Georgia Institute of Technology | FAX : (404) 894-9081 >347 Ferst Dr., Room 154 | >Atlanta, Georgia 30332-0840 | james.cannady@gtri.gatech.edu >_________________________________________________________________ > I have mixed emotions about the KSA. We used to use it for all of our configuration audits for our clients until we had serious trouble with the NT reporting. We could never get it to print reports properly to files (required for embeding into overall audit or risk reports). Also, recent reviews have not been kind to them, especially as regards support. We have a small traveling license, but we have only used a very few servers and we discontinued its use nearly a year ago. In my experience the NetWare version is quite good and very robust for NetWare 3.X. It is light years ahead of Bindview from the perspective of ease of use and clean analysis. Bindview provides much more raw data but expects you to interpret more than KSA does. I have not used the KSA on NetWare 4.X. The reviewers didn't like the password cracking which they said was weak. The NT version I used (an early one) did not work well, especially, as I said, the report writer (I was told it depends upon NT and that's why it doesn't work well - that's just the kind of poor support I think the reviewers probably ran into) which was flakey. A little background might be useful here. I've known Robert Kane for many years. He's a talented security specialist and programmer. He invented the KSA and like many entrepreneurs in the security business started off very small (not, as some do, however, as shareware or freeware - just small). He traveled the shows, made alliances with people like MIS Training Inst. and, generally, peddled his wares himself. His early products were quite good and very innovative. He was the first to suggest that you could have an audit tool for NetWare that a monkey could use and a skilled security specialist would find useful as well. He developed a user interface which is still the core of the product(s) and probably its best point. His product (NetWare 3.x at that time) began to get very good reviews and became popular. He was, really, the only game in town except for Bindview. Recently (in the past couple of years or less) got a partner. He started to expand. IMHO his product quality and his level of support hasn't been the same since. Today, without serious changes in both the KSA and the company I would not buy the product. We now use AXENT Technologies' ESM products to accomplish the same thing as KSA. They work on all platforms including Unix and are more reliable, just as easy to use and the support is better (AXENT is a public company with adaquate resources). Just my 2 cents worth. I have huge respect for Robert, but I think he's gone in a wrong direction. --P ---------------------------------------------------------------------- Peter Stephenson, InfoSEC Technologies div. of Sanda International Corp. Rochester Hills, MI - (810) 650-2699, (810) 375-2717 fax http://www.versalink.com - info@versalink.com ----------------------------------------------------------------------