MXI Stealth Zone Delivers Secure Portable Computing

By Andrew Garcia  |  Posted 2010-12-01

The MXI Stealth Zone series of USB-based computing environments could be appealing to government workers looking for a secure, portable computing solution that doesn't require lugging around a laptop or a network.

MXI Stealth Zone devices-called Stealth Keys-feature a Bluefly Processor and a customizable Windows XP embedded operating system environment on a single USB stick that looks just like any other USB flash drive. Having this complete, separate and bootable computing environment on a USB stick means that a Stealth Zone user's files and programs won't be compromised by infected kiosks or other unmanaged PCs, while the user retains the flexibility of taking a fully outfitted and customized application set along. And by fully encrypting the operating system and applications-along with the user's files and settings-Stealth Zone devices are validated for FIPS (Federal Information Processing Standard) 140-2 Level 3 compliance.

I tested the 8GB version of the M500 Stealth Key, which lists at $479. MXI offers a range of capacities for the M500 model, ranging from 1GB to 64GB in size, as well as a range of other models that offer biometric fingerprint authentication (M700 Bio) or metal enclosures (M550 or M700 Bio).

At this time, the Stealth Keys are available only to government customers, although MXI representatives expect the devices to be available for enterprise customers sometime in 2011.

To set up the M500, I simply needed to insert the device into a Windows PC, which automatically installs the necessary drivers just as would happen with an ordinary thumb drive. I then received a prompt to start the Access Standard software contained on the stick, which is used to individually manage Stealth Keys.

Using the Access Standard software, I could set up access passwords for a single user and for the device administrator using the normal setup wizard. Using the alternate Custom wizard, I could also configure the stick to support more than one user (all Stealth Keys support a maximum of 10 users), set the management code needed to restore the M500 to a factory state, or create and enforce password complexity rules.

Customers looking to manage many Stealth Keys can also look into MXI's Access Enterprise management system, which can be used to configure and enforce policies across a fleet of Stealth Keys.

At this point, the MXI Stealth Zone should be able to boot any PC, as long as the PC supports booting from a USB device and is configured to do so in the BIOS. However, I didn't experience quite the success I expected with my collection of test PCs. The Stealth Key was able to correctly boot my Lenovo ThinkPad T400 and a custom-built dual-core Athlon PC, but my Dell Inspiron M1330 was able to start the boot process but ultimately failed to fully recognize that the Stealth Key was connected.

When working properly, the Stealth Key boots into a preboot environment, whereupon the user is asked to log in using the same credentials created from Access Standard. Users can then choose whether to adapt the MXI boot environment to the PC hardware, creating a profile tailored to the hardware specifics of the machine in question. Profiles for no-long accessible hardware can be deleted from within the advanced section of the preboot environment.

Without adapting the Stealth Key to the hardware (called generic mode), the operating system environment may be fairly useless by default, possibly with no configured network connections, USB devices, optical drives and minimal display resolution by default. To connect a generic instance to the network, I needed to run a mini-adaptation from the Stealth Zone applet in the System Tray, which takes a couple of minutes to identify and configure any wired or wireless LAN connections used by the PC. 

To save time, users should definitely look into creating hardware profiles for any machines that will be commonly used with the Stealth Key.

My M500 test unit came with a meager collection of software installed: only Microsoft Office 2003 on top of the Windows XP Embedded OS with Internet Explorer 7. From the preboot environment, administrators can switch the Stealth Key into a maintenance mode of operation that disables the write filters imposed upon the Stealth Key during normal operations, to add additional software or patches that will be needed for day-to-day use.  

Rocket Fuel