ISS inc makes 2 products, Real Secure which is a "real time" intrusing detection system and their S3 product which is a vulnerability analysis tool (Limited in scope to the vulnerabilities posed via an IP network); as far as vulnerability analysis I also use the Kane Security analyst and Bindview EMS to look specifically at NT issues outside of the scope of the ISS tools; These tools look at password policies, checks all passwords against a dictionary, looks at RAS permissions, User Rights issues, etc. they can look at the ACL of a directory for easier analysis than you can get from the native NT tools, well worth investigating, you can download eval copies of all three from the respective web sites. (www.iss.net; www.bindview.com; www.kane.com (?) not sure of the last one. ) For "real time" security monitors I personally use the ISS "Real Secure" for my IP networks, but Wheelgroup also makes a very good monitor that some of my co-workers use. As far as the dial up access to RAS is concerned no "real time" system that i am aware of can monitor this access, they MAY pick up hacking attempts made across the network AFTER the RAS line is accessed but would not catch anything across the local wire. I use several tools for user authentication including id systems on firewalls, shiva modems etc. as they have much better authentication control. NT 5.0 is supposed to ship with kerberos and s/key. One thing is certain, NT will never be secure from a default installation and from my impression was never intended to be... I think microsoft's claims that NT is C2 certified is, in large part, a disservice as it leads many inexperienced network managers to a false sense of security and at the same time makes the hacker's much more interested in defeating it's so called security... At 08:31 AM 9/14/97 EST, you wrote: >I have worked on half a dozen different networks over the past six >years and the two most effective intrusions I saw were through >out-of-the-box Windows NT installations with dial-up modems. > >Recently I ran my own command files to check the security on 12 >newly installed NT boxes and every one of them had most of it security >turned off. This looks like it is going to be a continuing problem. > >Does anyone have any experience with a Windows NT based real-time >intrusion detection system that is commercially available? > > Hog Farmer, > formerly with > Tropical Hog Improvement Programme > >