iXBT Labs - Computer Hardware in Detail

Platform

Video

Multimedia

Mobile

Other

U.S.Robotics Secure Storage Router Pro (USR8200)







Features of the embedded SMB and FTP servers







As it has already been said in excursus to settings, you can connect external data storage devices with USB or Firewire interfaces to USR8200. The storage devices at once appear (if detected) in Network map, where you can browse them, create partitions, format, or check for errors.

Unfortunately (this is noted on the web site of the manufacturer in the firmware comments), compatibility with USB 1.1 devices leaves much to be desired. Out of ten flash cards that I tried to connect, only two worked: Kingmax 16Mb and Easydisk 128Mb. I had no devices with USB2.0 or IEEE 1394 available, and so I didn't manage to check how USR8200 works with them.



Users will see such storage devices as shared disks (SMB resources) or via an FTP server. Access to both kinds of resources is granted only to users, who have logins and passwords in the corresponding section of USR8200. Besides, an ftp server can have a special anonymous user. This user can have read and write rights. You can also create a special directory, and this user will not be able to go any higher than that (chroot). But in Samba (this program serves as an SMB server) anonymous access is not provided.






Much to my regret, implementation of user access isolation is in germ. If you grant read access to a user, this user will be able to read all files from the medium. If you grant write rights – in much the same way, this user will be able to write and delete any files. You can see why it is so in the screenshot above: the files listed on the screenshot were created by different users via ftp and smb, but they all actually have one owner or group. This concerns the files created by anonymous users via ftp as well.



USR8200 security tests

The tests were carried out according to this technique.

The device has been scanned in two modes. The first mode featured the minimum security policy (all inbound and outbound connections were allowed) and the activated access to configuration interface on WAN:







Nessus reports:

Obviously, a lot of various problems are found as a result of full access (in reality, this configuration will hardly be chosen). But it should be noted that no serious vulnerabilities were found.

During scanning the device was operating all right, there were no reboots or freezes. But the security logs showed almost no signs of attack attempts or scanning.

Before the second scanning, we set the security policy to "block everything" and deselected all check boxes in Remote Administration (all possible access from outside was blocked). I will not publish Nessus reports, because there aren't any. That is nothing was found during scanning.

In other words, device security is on a high level.


Availability

Unfortunately, USR820 was not on sale when the review was written.


Conclusions

Secure Storage Router Pro (USR8200) from U.S.Robotics is a functional and a high-performance device. One can even say that it's a first device (in our lab), which possesses such an impressive set of functions, high performance, as well as a good security level.

If programmers corrected several bugs about access right isolation for users working with embedded SMB and FTP servers and some glitches in IPSec implementation, there would be practically nothing to nag at. Another obscurity – the device has the IPSec support and the console mode of control via telnet, why not add the ssh support?

Pros

  • High routing performance (transfer between the LAN and WAN segments)
  • IPSec/PPTP VPN server
  • High performance of the embedded VPN server supporting IPSec
  • Very rich settings of the IPSec protocol (including tunnel and transport mode support)
  • Good performance of the embedded VPN server with the PPTP support
  • IPSec/PPTP pass-through support
  • Good security level
  • Flexible and functional firewall
  • Very detailed logs
  • SNMP protocol support
  • Embedded print server
  • Embedded file server supporting SMB and FTP
  • Remote control via telnet

Cons:

  • It's impossible to add anonymous users to the IPSec server (without specifying an IP address)
  • Implementation of the IPSec tunnel establishment algorithm does not allow to connect to a remote host directly (at minimum, you need another host specified as a gateway on WAN interface)
  • L2TP pass-through is not supported
  • Domain filtering does not support masking
  • Some ambiguity with content filtering by subscription
  • Lack of the external syslog server support (logs are stored locally or can be partially sent to emails)
  • Possible incompatibilities with USB1.1 devices
  • Certificate support in IPSec is not convenient, Radius server integration is not supported
  • SSH control is not supported
  • No anonymous access to a file server for Samba
  • Primitive user access isolation on a file server (the owner of all files is the admin user)



Navigation:



Evgeniy Zaitsev (eightn@ixbt.com)
24 August, 2004



Write a comment below. No registration needed!


Article navigation:



blog comments powered by Disqus

  Most Popular Reviews More    RSS  

AMD Phenom II X4 955, Phenom II X4 960T, Phenom II X6 1075T, and Intel Pentium G2120, Core i3-3220, Core i5-3330 Processors

Comparing old, cheap solutions from AMD with new, budget offerings from Intel.
February 1, 2013 · Processor Roundups

Inno3D GeForce GTX 670 iChill, Inno3D GeForce GTX 660 Ti Graphics Cards

A couple of mid-range adapters with original cooling systems.
January 30, 2013 · Video cards: NVIDIA GPUs

Creative Sound Blaster X-Fi Surround 5.1

An external X-Fi solution in tests.
September 9, 2008 · Sound Cards

AMD FX-8350 Processor

The first worthwhile Piledriver CPU.
September 11, 2012 · Processors: AMD

Consumed Power, Energy Consumption: Ivy Bridge vs. Sandy Bridge

Trying out the new method.
September 18, 2012 · Processors: Intel
  Latest Reviews More    RSS  

i3DSpeed, September 2013

Retested all graphics cards with the new drivers.
Oct 18, 2013 · 3Digests

i3DSpeed, August 2013

Added new benchmarks: BioShock Infinite and Metro: Last Light.
Sep 06, 2013 · 3Digests

i3DSpeed, July 2013

Added the test results of NVIDIA GeForce GTX 760 and AMD Radeon HD 7730.
Aug 05, 2013 · 3Digests

Gainward GeForce GTX 650 Ti BOOST 2GB Golden Sample Graphics Card

An excellent hybrid of GeForce GTX 650 Ti and GeForce GTX 660.
Jun 24, 2013 · Video cards: NVIDIA GPUs

i3DSpeed, May 2013

Added the test results of NVIDIA GeForce GTX 770/780.
Jun 03, 2013 · 3Digests
  Latest News More    RSS  

Platform  ·  Video  ·  Multimedia  ·  Mobile  ·  Other  ||  About us & Privacy policy  ·  Twitter  ·  Facebook


Copyright © Byrds Research & Publishing, Ltd., 1997–2011. All rights reserved.