Broad Protection That Arrives In A Small Box
Officially, SecBox is a hardware authentication and encryption device that strives to provide a secure means of data transmission over insecure networks (which potentially can mean any network).
The device offers several features. It can act as a worldwide private VPN. It also supports 4.5-Mbps encrypted data flow, but the vendor claims that the product can actually support up to 18 Mbps incoming or outgoing data streams. SecBox has built-in NAT and firewall functionality.
The device also uses TPM. Switching themes to "Mission Impossible," just like Mr. Phelps' tape, the SecBox's embedded TPM will self-destruct if tampered with (although it was not possible to confirm if that happens in five seconds). For extra protection, the electronics are completely housed in epoxy. SecBox uses a patented encryption technology called MVCN.
Suggested scenarios for use include extra security of an IP-phone-to-IP-phone call, creating secure connections for project development teams or providing secure access to a terminal server. Navayo lays out five problem areas and how SecBox can be instrumental in providing protection: Large corporate offices with hundreds of employees working in the building need to safeguard information from malicious attacks coming from either inside or outside the company; branch networks in which sensitive data (such as banking or finance information) is being transmitted between offices need to secure that data; government offices connected to highly sensitive databases are required to manage the information flow between agencies; the military--headquarters, command centers, field agents and troops-- all need to be coordinated; and finally, a supplier's partner network has product specs and details in pre-release form that must be kept from prying eyes.
There are four ports on the device: a LAN Ethernet port, an Internet Ethernet port, and a USB A and USB port. The device can be powered via USB or with a DC 5v adapter.
For testing, the device's Internet port was connected to a switch on the test network and the LAN port was connected to a stand-alone laptop's Ethernet port. Power to the SecBox was provided by the laptop's USB. Microsoft Windows' Hardware Wizard detects the device as an RNDIS/Ethernet gadget. Reviewers installed the SecBox's drivers, which are on the CD shipped with the product.
The SecBox acts as a DHCP server, dynamically allocating an IP address to the laptop. The laptop was able to connect to all resources on the test LAN, including a SAN and printer, and was able to use the test network's Internet access.
The device has an additional port to connect USB devices without the need to connect them to a machine. SecBox cannot mount USB devices without partition tables, however.
A Web-management interface is available for a variety of administrative tasks--admin and user setup, firewall and NAT configuration, and setting up an intranet over MVCN.
When the management GUI starts up, the user is prompted to input a user name. Next, the interface prompts for a fingerprint scan. The wizard displays a "scan complete" after the finger scan (three scans are needed). If the scan is not successful, there is the "Restart Scan" option.
This is where Test Center reviewers ran into a roadblock. After spending an hour scanning and using various reviewers' fingers, still no luck. Even abiding by the user guide's list of "fingerprint scan rules," among them being that the scan must be perpendicular to the device, the scan must be done fast and without hesitation and the scan must be done with the device at room temperature, the SecBox was unable to process the finger swipe. Unfortunately, this is a required step to continue through the Web management interface setup, so needless to say, that setup was abandoned.
Navayo stated that the problem with the fingerprint reader was most likely due to a faulty unit we received. That may be the case. This product has great potential as a cost-effective way to implement heightened security over networks, pairing an apparently strong encryption method with biometrics. However, the biometric portion has to function properly.