Review: Authenex ASAS

The Authenex ASAS system is a very robust system designed for large companies. It requires a standalone server running Windows 2000 with SP4 or Windows 2003. It must also have a Radius or SQL server on the system to allow for use of the integrated database of A-Key tokens supplied with the system.

It has a very well-integrated web interface for managing the product from anywhere and covered almost every aspect through the menu within. A wizard that sets up searches through the logs would make things a little easier. LDAP connection set ups were difficult but not completely overwhelming. Since the server is a standalone system, higher network traffic was not a problem with user authentication, but the web-based interface delayed software change updates. The only major downfall of the interface was trying to view events in the system, because the administrator must know which A-Key they are looking for.

The documentation supplied for the software was very good and was available online too. It provided a complete step-by-step procedure including screen shots to guide installation and set up of the system. A FAQ provided help with the main questions asked during install. Technical support is well organized and very informative for end users, although only available during business hours.

The graphical user interface was easy to navigate. Windows menus are untouched since the administration consoles are completely separate from the main server system. Security of the main server was preserved after installation. Minimal ports left open by the install allowed for ease of monitoring.

The authentication software is available for multiple platforms (we tested only for Windows). It provides strong authentication requirements by requiring users to have the USB key inserted before attempting to log in. However, the client suffers from both the forensic and safe mode bypass flaws.

The system is easy to understand once set up and it performed well under high network traffic. Overall, it is worth the money for larger companies but probably not for those with limited resources.

For:

Good implementation and documentation, administration clean and straightforward.

Event logging could use some improvement, security flaws.

For a larger company with requirements for central authentication management using a variety of standard authentication databases, this is a good product. The security flaws on the client can be managed by encrypting the disk and should pose no problem if that is done.