Apricorn 18TB Aegis Padlock DT FIPS 140-2 Level 2-Validated External Desktop Drive

The 18TB Aegis Padlock DT FIPS 140-2 Level 2-Validated External Desktop Drive from Apricorn is an encrypted desktop hard drive that's designed to meet the FIPS 140-2 Level-2 standard for cryptographic security. Boasting on-the-fly AES 256-bit hardware encryption, the Aegis Padlock DT FIPS desktop drive comes equipped with an integrated, wear-resistance 10-digit keypad for entering PINs, as well as a heat-dissipating aluminum enclosure.

Offering data transfer rates up to 5 Gb/s, the plug-and-play Aegis Padlock DT features a USB 3.2 Gen 1 Type-B interface, brute-force protection, forced administrator and user enrollment, an auto-lock mode, and a lock override mode. Its administrator feature allows enrollment of up to four unique user PINs and one administrator PIN, making it ideal for collaboration. The drive comes with a USB Type-B to Type-A cable and an AC adapter.

General Features

Featuring AegisWare

The heart and soul of every Apricorn Secure Device, AegisWare is a patent-protected firmware combined with an advanced feature set.

FIPS 140-2 Level 2 Inside

Meets the U.S. government standards for information technology and computer security. NIST FIPS 140 is the cryptography standard program required by the US federal government for protection of sensitive data.

The Aegis Padlock DT's FIPS 140-2 validation covers 11 areas of its cryptographic security system, including physical security, cryptographic key management, and design integrity. The Aegis Padlock DT's FIPS 140-2 Level 2 encryption validation encompasses both the Padlock DT's physical tamper-resistant features, as well as its identity-based authentication. Tested and validated by the National Institute of Standards and Technology (NIST) for use by the Federal governments of the USA, Canada, and others, the Aegis Padlock DT Drive is based on Apricorn's FIPS 140-2 Level 2 validated encryption module as indicated by certificate #3944. The epoxy-coated boundary includes all encryption functions and all Critical Security Parameters (CSPs), such as PIN storage, encryption key generation and storage, random number and seed generators, and all firmware storage. The FIPS module is a complete encryption system, and all CSPs never leave the boundary and are never shared with a host system. By design, the HDD/SSD that stores the encrypted data is excluded from this boundary to both maximize affordability and product line flexibility in capacity and form factor offerings.

Aegis Configurator Compatible

Create custom profiles and mass configure multiple devices in a matter of seconds using the Aegis Configurator. To configure an expanded number of devices, use the Powered Aegis Configurator Hub bundle.

Separate Admin and User Mode

The Aegis Padlock DT FIPS supports one independent admin and up to four user PINs. The Admin Mode controls the universal programmable settings of the device and can only be accessed with the admin PIN. The User Mode is limited to basic external drive functions like read/write, unlock/lock, etc. The data on the drive can also be accessed with the admin PIN in the User Mode.

Polymer-Coated and Wear-Resistant Onboard Keyboard

Until the device is unlocked via its keypad, it remains invisible to the host. The embedded keypad circumvents all hardware and software key logging attempts to capture passwords by excluding the host system from the authentication process. Polymer-coated buttons are wear resistant and designed to not reveal most commonly used buttons.

Admin Forced Enrollment

Out of the box, there are no factory pre-set default PINs. In order to set up and use the drive, a unique PIN must first be established by the admin, from within the Admin Mode.

User-Forced Enrollment

Once a device is configured by the admin, it can then be deployed in a state of USER FORCED ENROLLMENT in which the user must first establish his or her own PIN before the drive can be accessed or used.

Two Read-Only Modes

Employed in situations that require the drive's contents to be kept intact and unaltered for later examination. The two read-only modes include a Universal Read Only that is set by the admin from within the admin mode and can't be modified or disabled by anyone but the admin. The second read-only mode can be set and disabled by a user but can also be enabled or disabled by the admin as well.

Programmable Pin Lengths

The longer the PIN, the more secure the data on the device becomes. For example, the odds of brute force success go from 1/10,000,000 with a 7-digit PIN to 1/100,000,000 with an 8 digit PIN. In cases where the user sets up his or her own PIN from User Forced Enrollment, the admin can set an enhanced user password length requirement as part of the overall security policy.

Brute Force Defense

All Aegis Secure Drives are unlocked (authenticated) by entering a PIN on their own onboard keypad. Since the PIN is not entered using the host computer's keyboard, they are not vulnerable to software or hardware-based keyloggers or software-based brute force attacks. However, if the device comes under a physical brute force attack, your data is protected with a programmable "Brute Force Hack Defense Mechanism" which, if the programmed number (between 4 and 20) of consecutive incorrect password entries has been attempted, the device will delete its own encryption key and destroy the ability to decrypt its stored data.

Unattended Auto Lock

All Aegis Secure Drives will automatically lock once disconnected from a computer's USB port or the power to that USB port is interrupted, or after a pre-programmed period of inactivity.

Lock Override

Designated for specific cases in which the drive needs to remain unlocked through USB port re-enumeration such as during reboot, or passing through a virtual machine.

Drive Reset Feature

Drive reset clears both the user and admin PINs, destroys the data, creates a new randomly generated encryption key, and allows the drive to be reused repeatedly, with an infinite number of randomly generated encryption keys, allowing the admin and or user to reset the drive as often as is needed.

Self-Destruct PIN

The last line of defense for data security when the device's physical security is at risk. The Self-Destruct PIN defends against these physically compromising situations by erasing the drive's contents, leaving it in normal working order appearing yet to be deployed.

LED Key Press Indicator

This visually confirms successful button presses using the device's LEDs.

MS