Re: [PEN-TEST] ForixNT, the NT Audit Toolkit

[H Carvey <keydet89 () YAHOO COM>]

Mark, 

Thanks for your comments.  Regarding Talisker's 
comments...


> If you compare ForixNT against the main 
contenders in the same space
>

Doing so would be as comparing apples to oranges.

> Symantec  STAT

I'm not really familiar with either of 
these...I'll look into them.

> /Axent ESM

My experience with Axent's ESM was that agents had 
to be loaded on each machine to be examined, and 
then the data was reported back to the central 
manager.

ForixNT runs from a central location, and collects 
information from remote systems on the LAN and WAN 
without loading ANY software on remote systems.  
This equates to a 100% footprint of coverage, 
without ever leaving the office...saving travel 
costs, for one.  Also, b/c the data the NT admin 
collects is centrally stored, there is greater 
security of that data.

ForixNT has been demonstrated to work over VPN 
links.

> /ITA

ForixNT is not an IDS.  

> Live update is not a feature one should really 
aspire to having as an
> attraction to a product.  

Live updates, and automagically corrections or 
modifications performed by any .exe.  ForixNT is 
open-source Perl code...which means you can read 
it and see what it does.  If you say you don't 
know Perl code...you should say that you don't 
know Perl code _yet_.  

ForixNT's design is so flexible and extensible 
that NT admins can collect more Registry key data, 
and ACLs from files, directories, and Registry 
keys...all by simply editing a text file.

H. Carvey
Lead Developer, ForixNT