Mega AS Consulting Ltd. CAT Authentication Server
Strengths: Easy to deploy OTP solution that integrates to the enterprise via Radius.
Weaknesses: OTP to a cell phone and loss of signal or dead battery will always be issues.
Verdict: Easy way to add two-factor to web-based resources. Limited to OTP-style tokens.
SummaryThe CAT Authentication Server (CAT AS) v4.4 is a Windows application that runs on an enterprise server. The CAT (Cellular Authentication Token) is a soft token. It is software that runs on cellular phones. It does not need communication and does not use SMS. It is installed on the cellular like a cellular game or ringtone. The CAT AS provides multiple authentication methods, such as one-time password (OTP), generated using a CAT token; an OTP sent by SMS to a cellular phone; or the combination of OTP and Active Directory password authentication.
The CAT AS is usually located on the internal enterprise network and is accessible to its authentication clients only. The authentication clients could be any device or software that require strong authentication and can communicate with the CAT AS using Radius or the CAT AS API. The CAT API Web Service is a set of methods that allow the CAT AS to perform tasks through the internet/intranet. It also allows requests to come from the internet to the CAT AS.
With the CAT AS admins can manage the users accessing the server, manage the authentication services, and produce system reports.
The CAT system uses one-time password technology and the cellular phone as the token. The authentication server and management system are very easy to use and make managing the services and identities a snap. The one-time password for each identity is generated on the basis of a combination seed (secret data) and a random string. The administrator can change the OTP sequence by requesting to change the random string.
AD synchronization is included and the software supports Radius-enabled devices/software, such as Citrix, Check Point, Cisco and MS ISA. Admins can use existing Radius solutions or the free Radius server provided with the software. The CAT also has an open API that makes it easy to integrate with products and web pages.
This is a nice solution for providing access to secured websites. Reporting is ok and the documentation was sufficient.