Thursday March 11, 2010 7:02 AM AEST
Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
 
Latest Comments
"Sunglasses of wto-store.com www.wto-store.com Versace Sunglasses http://wto-store.com/catego..."
on Web 2.0: Attack of the JavaScript malware
by Luxury Handbags 100% Authentic, 2010 Lastest Styles, Buy Now! | Mar 10, 2010 8:59 PM
 
"First Post Hooray"
on Online identity theft: Who's after my Facebook password?
by Random Stranger | Mar 10, 2010 12:38 PM
 
"virus"
on China to crack down on Google hackers if evidence is shown
by new | Mar 10, 2010 8:27 AM
 
"I just received one of those emails. As I have sent a UPS parcel, I thought for sure that it was ..."
on Trojan disguised as UPS delivery note
by Frank | Mar 10, 2010 3:14 AM
 
"Yes I just watched a video of this event. Looks like some people namely the radical left are ..."
on Not all welcome at Perth anti-filter rally
by mick | Mar 9, 2010 3:54 PM
Patch Management

Authenex ASAS

  • Email a Friend
  • Print Page
Authenex ASAS
Product Info
Supplier:
Product Rating
Features:  3
Ease of Use:  4
Performance:  3
Documentation:  4
Support:  3
Value for Money:  3
Overall Rating:  Overall Rating
 
For:

Good implementation and documentation, administration clean and straightforward.


Against:

Event logging could use some improvement, security flaws.


Verdict:

For a larger company with requirements for central authentication management using a variety of standard authentication databases, this is a good product. The security flaws on the client can be managed by encrypting the disk and should pose no problem if that is done.
Related Articles
By Peter Stephenson,CeRNS,
Feb 11, 2005 12:00 AM
Tags: Authenex | ASAS | (Two-factor | 2005)

The Authenex ASAS system is a very robust system designed for large companies. It requires a standalone server running Windows 2000 with SP4 or Windows 2003. It must also have a Radius or SQL server on the system to allow for use of the integrated database of A-Key tokens supplied with the system.

The Authenex ASAS system is a very robust system designed for large companies. It requires a standalone server running Windows 2000 with SP4 or Windows 2003. It must also have a Radius or SQL server on the system to allow for use of the integrated database of A-Key tokens supplied with the system.

It has a very well-integrated web interface for managing the product from anywhere and covered almost every aspect through the menu within. A wizard that sets up searches through the logs would make things a little easier. LDAP connection set ups were difficult but not completely overwhelming. Since the server is a standalone system, higher network traffic was not a problem with user authentication, but the web-based interface delayed software change updates. The only major downfall of the interface was trying to view events in the system, because the administrator must know which A-Key they are looking for.

The documentation supplied for the software was very good and was available online too. It provided a complete step-by-step procedure including screen shots to guide installation and set up of the system. A FAQ provided help with the main questions asked during install. Technical support is well organized and very informative for end users, although only available during business hours.

The graphical user interface was easy to navigate. Windows menus are untouched since the administration consoles are completely separate from the main server system. Security of the main server was preserved after installation. Minimal ports left open by the install allowed for ease of monitoring.

The authentication software is available for multiple platforms (we tested only for Windows). It provides strong authentication requirements by requiring users to have the USB key inserted before attempting to log in. However, the client suffers from both the forensic and safe mode bypass flaws.

The system is easy to understand once set up and it performed well under high network traffic. Overall, it is worth the money for larger companies but probably not for those with limited resources.

 
Products also reviewed in the Group Test SME firewall/VPNs (2005):

Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
 
Patch Management Whitepapers
 
Popular Tags
attack attacks australia censorship china chinese conroy data filter flaw fraud google government internet malware microsoft nsw privacy scam security