Find and fix security holes

Manually analyzing Windows NT security is tedious. Human errors can occur, leading to a breached system or network. To reduce this risk, you need to use software tools to assist in your security analysis.

Intrusion Detection (recently acquired by Security Dynamics) provides the Kane Security Analyst for Windows NT. KSA is a system security analyzer and assessment tool for NT and Novell networks that streamlines a security administrator's job. KSA uses built-in security intelligence to examine system configurations and find areas that pose risks or need adjustment. The tool is well suited for small shops and large enterprise networks.

A Closer Look
KSA assesses the overall security status of NT networks and reports on six areas: password strength, access control, user account restrictions, system monitoring, data integrity, and data confidentiality. According to Intrusion Detection, KSA performs the work of seasoned security specialists and streamlines the analysis process with built-in security practices. KSA's embedded knowledge lets the software analyze numerous aspects of system security, such as user and group permissions across domains, C2 security compliance, password strength, trust relationships, event logs, scripted passwords, audit policy compliance, excessive rights, Registry security settings, logon violations, and domain security.

KSA performs interactive Registry assessment, providing access control list (ACL) maps and investigating interactive file rights. KSA's file rights feature provides a simple interface for administrators to examine rights and privileges associated with users, groups, and directories. Without this functionality, administrators must manually examine rights and privileges.

Installation and Use
I installed KSA on a Small Business Server (SBS) system. SBS runs NT Server 4.0 with Service Pack 3 (SP3). I didn't alter NT or SP3's security configuration. Installing KSA was straightforward and took less than a minute. KSA operates from any PC workstation attached to the network, so it doesn't require server resources or system changes. Thus, the product has little effect on your environment.

I started KSA and configured it to run a security audit on the SBS system. The KSA interface is easy to use, and configuration went quickly. I had to select only a few checkboxes for the tests I wanted to perform. KSA performed the system audit in less than a minute and displayed the results on a report card, as Screen 1 shows. I was surprised that my test system failed in every area except Access Control.

KSA's report card lets you examine each risk area. Click List Risks to see explanations for each area. I reviewed the risks and discovered that 17 percent of the SBS users had no password, 17 percent of user passwords had expired, the account lockout feature was not active, system auditing was disabled, 28 percent of the accounts had administrative privileges, 83 percent of user passwords didn't expire, user accounts didn't expire, and the machine's OS/2 and POSIX subsystems were still in place. These configurations create security risks.

Fortunately, KSA's built-in expertise helped me secure the system. KSA provides stellar reporting capabilities. The software details each area of the system that needs attention, including risk level, current status, and suggested settings for tighter security. KSA furnishes more than 30 impressive itemized reports, such as the Account Policy Analysis, Audit Policy Report, Access Control Analysis, and Current Security Standards. Each report provides valuable information to help you secure your system.

Security Helper
The time KSA saved me inspecting my system justifies the product's cost. I loaded the software, configured it, ran audits, printed reports, and secured the system in less than an hour. Manually performing the checks and adjustments would have taken much longer. KSA is a fantastic security administration tool.

Kane Security Analyst for Windows NT
Contact: Intrusion Detection * 212-348-8900 or 800-408-6104
Web: http://www.intrusion.com
Price: Starts at $695 per server
System Requirements: Windows NT 3.51 or later or Novell NetWare 3.x or 4.x Novell Directory Services, 16MB of RAM, 20MB of hard disk space, 3.5" disk drive and CD-ROM drive