Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The Authenex ASAS system is a very robust system designed for large companies. It requires a standalone server running Windows 2000 with SP4 or Windows 2003. It must also have a Radius or SQL server on the system to allow for use of the integrated database of A-Key tokens supplied with the system.
It has a very well-integrated web interface for managing the product from anywhere and covered almost every aspect through the menu within. A wizard that sets up searches through the logs would make things a little easier. LDAP connection set ups were difficult but not completely overwhelming. Since the server is a standalone system, higher network traffic was not a problem with user authentication, but the web-based interface delayed software change updates. The only major downfall of the interface was trying to view events in the system, because the administrator must know which A-Key they are looking for.
The documentation supplied for the software was very good and was available online too. It provided a complete step-by-step procedure including screen shots to guide installation and set up of the system. A FAQ provided help with the main questions asked during install. Technical support is well organized and very informative for end users, although only available during business hours.
The graphical user interface was easy to navigate. Windows menus are untouched since the administration consoles are completely separate from the main server system. Security of the main server was preserved after installation. Minimal ports left open by the install allowed for ease of monitoring.
The authentication software is available for multiple platforms (we tested only for Windows). It provides strong authentication requirements by requiring users to have the USB key inserted before attempting to log in. However, the client suffers from both the forensic and safe mode bypass flaws.
The system is easy to understand once set up and it performed well under high network traffic. Overall, it is worth the money for larger companies but probably not for those with limited resources.
Good implementation and documentation, administration clean and straightforward.
Event logging could use some improvement, security flaws.
For a larger company with requirements for central authentication management using a variety of standard authentication databases, this is a good product. The security flaws on the client can be managed by encrypting the disk and should pose no problem if that is done.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.