Kane Security Analyst for Windows NT

Find and fix security holes

Manually analyzing Windows NT security is tedious. Human errors can occur,leading to a breached system or network. To reduce this risk, you need to usesoftware tools to assist in your security analysis.

Intrusion Detection (recently acquired by Security Dynamics) provides theKane Security Analyst for Windows NT. KSA is a system security analyzer andassessment tool for NT and Novell networks that streamlines a securityadministrator's job. KSA uses built-in security intelligence to examine systemconfigurations and find areas that pose risks or need adjustment. The tool iswell suited for small shops and large enterprise networks.

A Closer Look
KSA assesses the overall security status of NT networks and reports on sixareas: password strength, access control, user account restrictions, systemmonitoring, data integrity, and data confidentiality. According to IntrusionDetection, KSA performs the work of seasoned security specialists andstreamlines the analysis process with built-in security practices. KSA'sembedded knowledge lets the software analyze numerous aspects of systemsecurity, such as user and group permissions across domains, C2 security compliance, password strength, trust relationships, event logs, scriptedpasswords, audit policy compliance, excessive rights, Registry securitysettings, logon violations, and domain security.

KSA performs interactive Registry assessment, providing access control list(ACL) maps and investigating interactive file rights. KSA's file rights featureprovides a simple interface for administrators to examine rights and privilegesassociated with users, groups, and directories. Without this functionality,administrators must manually examine rights and privileges.

Installation and Use
I installed KSA on a Small Business Server (SBS) system. SBS runs NT Server4.0 with Service Pack 3 (SP3). I didn't alter NT or SP3's securityconfiguration. Installing KSA was straightforward and took less than a minute.KSA operates from any PC workstation attached to the network, so it doesn'trequire server resources or system changes. Thus, the product has little effecton your environment.

I started KSA and configured it to run a security audit on the SBS system.The KSA interface is easy to use, and configuration went quickly. I had toselect only a few checkboxes for the tests I wanted to perform. KSA performedthe system audit in less than a minute and displayed the results on a reportcard, as Screen 1 shows. I was surprised that my test system failed in everyarea except Access Control.

KSA's report card lets you examine each risk area. Click List Risks to seeexplanations for each area. I reviewed the risks and discovered that 17 percentof the SBS users had no password, 17 percent of user passwords had expired, theaccount lockout feature was not active, system auditing was disabled, 28 percentof the accounts had administrative privileges, 83 percent of user passwordsdidn't expire, user accounts didn't expire, and the machine's OS/2 and POSIXsubsystems were still in place. These configurations create security risks.

Fortunately, KSA's built-in expertise helped me secure the system. KSAprovides stellar reporting capabilities. The software details each area of thesystem that needs attention, including risk level, current status, and suggestedsettings for tighter security. KSA furnishes more than 30 impressive itemizedreports, such as the Account Policy Analysis, Audit Policy Report, AccessControl Analysis, and Current Security Standards. Each report provides valuableinformation to help you secure your system.

Security Helper
The time KSA saved me inspecting my system justifies the product's cost. Iloaded the software, configured it, ran audits, printed reports, and secured thesystem in less than an hour. Manually performing the checks and adjustmentswould have taken much longer. KSA is a fantastic security administration tool.