Apricorn Aegis Fortress L3 2TB External SSD Review – Top Level Data Security Hands Down

If you have been following us for awhile, you might remember our review of the Apricorn Aegis Secure Key 3 flash drive that we did back in August of 2016.  Back then, any flash drive at 480GB was something to get your hands on, much less one that would also qualify as one of the most secure flash drives worldwide.  If I were to speak to the quality of the Secure Key 3, it has been in my pocket and in use on a daily basis for the last 2 years and 8 months.  It definitely qualifies as the longest  single tech product I have ever held on to this long…and it is still going strong.

So today, we are upping the game with our report of the Apricorn Aegis Fortress L3 2TB external SSD and I have to say right off, this feels as comfortable in my hands as the Secure Key 3 does.  To start right at the basic build of this device, it is constructed of a single CNC machined chunk of 6061 aircraft grade aluminum alloy cut into two pieces that are fastened together with four snap-off uni-directional security fasteners, and those fasteners then covered with a hardened epoxy thread lock.

In simple terms, there is no physical access to the components within the Fortress L3 by even the company themselves.  It is that secure. The keypad of the L3 is constructed of a durable polymer rendering the device water and dust resistant.  

The Apricorn Aegis Fortress L3 is now available in hard drive capacities of 500GB to 5TB while SSD versions are available in 512GB to 4TB capacities with the possibility of increased 8 and 16TB capacities in the future.  The L3 contains the SanDisk X600 2TB SSD inside, this SSD being built on SanDisks own 64-layer 3D NAND flash memory.  While the SSD itself has AES 256-bit XTS encryption, the Fortress L3 meets NIST FIPS 140-2 Level 3 requirements, making it one of the most secure hand held data devices in the world. Check Amazon pricing.

Inside the Fortress L3 packaging, we find the Fortress L3 itself, a travel pouch, feature sheet, Quick Start Guide and two USB 3.1 cables, the first being USB3.1 to USB 3.1 and the second being USB 3.1 to USB Type-C.  Security is paramount in this device and there is no software setup whatsoever, the unit is set up directly from the keypad as an admin or user.  The first requirement in starting it for the first time is a ‘Forced Enrollment’ where the user is required to create an admin and/or user pin that must be a minimum of 7 letters.  You can increase this to a higher number for added security, however, there is no factory pre-set pin to rely on.

Once you have set up your password and the L3 is unlocked, information can be stored or retrieved and all data is encrypted on-the-fly.  Other features include making the drive read only, activating auto-lock for 5, 10 or 20 minutes, creating a one time user pin, as well as having a lock override that enables the Fortress L3 to stay open during a system reboot or when passing the drive through a virtual machine.  The Fortress L3 is compatible with any Windows, Mac, Linux, Symbian or Android based system and also enables up to 4 single use data recovery pins where data can be restored should the user forget their pin.

Perhaps one of the most interesting, and comforting, features of the Apricorn Aegis Fortress L3 is its ability to shut down brute force attacks.  After three unsuccessful attempts of the pin, the device changes the time between subsequent attempts until the 10th attempt when the keypad locks down.  The admin has the ability on setup prior to this scenario to allow up to 10 subsequent attempts, but after that, all is lost.  All data on the device is crypto-erased and the devices encryption key erased, rendering it useless.  If that isn’t enough, there is also a ‘Last Resort Mode’ that allows the device owner to set a pin in the admin menu where input of that pin causes the device to delete all data, as well as erasing and creating a new encryption key.  True James Bond stuff.

4
Leave a Reply

avatar
1 Comment threads
3 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
3 Comment authors
Les TokarwalterRob Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
Rob
Guest

One thing it lacks is physical security. Page 18 of the User Manual says: Performing a Complete Reset NOTE: A complete reset will erase encryption keys and PINs and leave the Aegis Fortress in an unformatted condition. There may be circumstances (forgotten PIN, redeployment, return to factory default settings) when you need to completely reset the drive. The complete reset feature will perform a crypto-erase on the drive, generate a new encryption key, delete all users, and return all of the settings to factory default. To perform a complete reset of the drive, perform the following: 1. Press and hold… Read more »

walter
Guest

we actually talk about this now and then. and yeah that’s true. and it’s true for most other manufacturers who don’t have a device management console or a software component. we thought about it a lot and opted to stick with a non managed system to allow us to lock down the firmware and eliminate update opportunities because that’s a malware vulnerability occurs and also, it’s hackable. the real concern that we focus on is the security of your data on the drive. when the average data breach cost gets up over 3 million in damages and fines, we figure… Read more »

Rob
Guest

Couldn’t the first key entered be the ‘user lock’ for the drive, unneeded until next time a complete reset is performed? After a complete reset one would have to enter the first key ever used, otherwise it would be a brick. Another method would be a peel-off sticker unrelated to the serial number which contains the key to use. Some of the drives are more than a few hundred dollars and while some might steal it thinking it had value those in the know would understand that the only “value” would be to cause concern and deprive the user of… Read more »

SSD QUICK SEARCH