Technically, RedCannon's Fireball KeyPoint is an endpoint security solution conveniently packaged in a portable USB token. In reality, it's a basic, secure mobile computer that uses host machines as conduits for I/O devices, connectivity to the Internet and corporate networks.
When the Fireball KeyPoint is plugged into a USB port, it connects to the RedCannon Web site or your enterprise's management server for policy and software updates. Updates are loaded before it scans the host PC and grants secure access to network-based applications. The token also alerts users to the presence of spyware or malware on the host PC, but doesn't remove it.
Fireball KeyPoint assesses and authenticates the host machine's compliance with enterprise security policies, granting full access to compliant machines, limited access to moderately risky machines, or no access to machines that represent a high security risk. For example, hosts with a low-level adware threat could still be granted e-mail access. However, if a more dangerous keystroke logger is detected, Fireball KeyPoint won't permit a connection and will advise the user to try another host. The connection to the corporate network is secured with an IPsec VPN tunnel.
Get in-depth information about endpoint security solutions here.
An area of concern is RedCannon's suggested distribution of policy updates via shared drives -- an open invitation to disaster, since worms like Blaster and My-Doom could use the open shares to propagate on the LAN. Fortunately, this isn't a requirement; we discovered during testing that using a Web session secured with SSL or SSH will close this hole. In light of this review, RedCannon has changed its recommended architecture.
RedCannon's Fireball KeyPoint provides token-based endpoint security, secure Web browsing, storage and e-mail, and spyware protection.
Enterprises can configure Fireball KeyPoint to securely run common applications (such as Web browsers and e-mail) and avoid untrusted applications on host machines. RedCannon's proprietary e-mail is adequate; it has the same basic features and capabilities as free or inexpensive e-mail apps like Calypso, Eudora and Thunderbird. The only difference with Red-Cannon's secure e-mail is that almost everything runs from the token, and what little runs from the host PC is hashed/encrypted, erasing all traces of the session.
E-mail messages are stored and encrypted in a token-based vault.
Although RedCannon claims Fireball KeyPoint leaves no residual data on the host computer, our testing found traces of visited Web pages in the Documents and Settings temp directory after the token was removed. This is disappointing, since the whole point of this device is to securely browse the Web and access e-mail via an untrusted computer. RedCannon says the bug will be fixed in the next release.
Fireball KeyPoint comes in two sizes -- 256 MB and 512 MB -- but don't let the numbers fool you. Its auto-recovery app takes up approximately 50 MB. The Encrypted Vault secure storage provides drag-and-drop capability through Windows Explorer. And, just as the scanner limits or blocks access to the corporate network, it will also lock down the vault if the host machine presents an unacceptable risk.
The tedious process of integrating Fireball KeyPoint's Fireball Manager into Active Directory--the only supported directory service--must be completed before license, key and policy distribution. Each token must be plugged into a USB port on either the system hosting the management server or with network share to receive licenses, policies and configurations. Wizard-based installation for the Fireball Manager and authentication to a secure Web site/sharepoint for policies/licenses would be on our wish list for the next version.
A thin Quick Start Guide and poor documentation complicated the Fireball Manager's installation and configuration. The guide was lacking in nearly every subject, and completely missing was a diagram showing the entire architecture, which would have prevented serious roadblocks during setup and testing.
Despite a number of first-release shortcomings, the Fireball KeyPoint is an endpoint security product with potential. Whether you're using an Internet cafe or a home computer, the device lessens the most common remote access security concerns. We expect future versions only to improve upon this strong foundation.
About the author
Tom Bowers has worked with computers since the early 80s. He is currently the Manager of Information Security Operations for Wyeth Pharmaceuticals, where he leads a team conducting pen testing globally. He also owns Net4NZIX, a small consulting firm specializing in pen testing and computer forensics. Tom holds the CISSP, PMP and Certified Ethical Hacker certifications. He can be reached at tbowers@net4nzix.com.
This article originally appeared in our sister publication Information Security magazine.
