As new and more sophisticated cyber attacks evolve, mobile devices are becoming a popular threat vector. XD Air [USG program name FiST] provides unique mobile media protection by ONLY allowing trusted content to be shared. Using a kiosk-based solution, XD Air inspects, filters and cleans data on your device, making it safe to use, even in the most sensitive networks.
XD Air was developed under the USG program name of FiST in response to the highly publicized USB "thumb drive" threat in November 2008. As a result, USB devices have been restricted or even banned in critical environments. However, these drives were widely used to share vital information between users, partners and applications so the need for a solution was evident.
- Protects against zero day exploits by enforcing policy that only passes content that is known to be completely reliable and compliant with file format standards.
- Prevents information leaks by augmenting the “known good” checks with extensive clean/dirty word filtering capabilities.
- Conducts deep content inspection and analysis to uniquely verify that file formats are correct and that metadata and other “hidden” areas have not been exploited as carriers of information or new exploits.
- Detects, cleanses, removes, and stores malicious hidden content, viruses, and malware for forensic analysis.
- Addresses threats and sources unique to USB drives, such as fake CD ROM devices that can deliver executable content.
- Integrates with encrypted USB drives from several manufacturers.
XD Air 4.2 is now generally available and implements customer-driven support features for evolving requirements, including:
- Migration to AFT 1.3 which enables:
- Support for Microsoft Office® 2010 file types
- Support for UTF-8 (Unicode)
- Ability to process larger files, up to 1GB (depending on file type)
- Option to include dirty word matches in the manifest
- Support for additional media types including legacy SCADA devices, SD cards, and compact flash through supported USB adapters
- Ability to process USB hard disks up to 250 GB as well as floppy drives
- Administrator option to customize warning banner
- Improved detail in the manifest for transferred, omitted, and modified files
- Ability to sign destination media for secure distribution to another XD Air site
The XD Air package includes the following:
- 64-bit custom laptop with 30-month warranty (specifically excludes wireless network capability) with BIOS configured for proper operation
- All software installed and ready for use
- All licenses for included software for one year
- Color coded dongles for “source” and “target” USB drives
- Complete user and administrator documentation
- Tier three support included
- Administrator and engineering support training available
Device & File Support List
- Laptop-based Kiosk · Built for a COTS 64 bit platform to support rapid deployment and mobile operations. Appliance-like functionality minimizes user error.
- Isolated environments · Uses SELinux and Tresys VM Fortress to positively isolate the "dirty" side of the application from the "clean" side where sanitized files are stored. Isolation ensures:
  - Safe handling of virus and malware infected files
  - Secure device erasure
  - Strong transactional separation
- Adaptable filters · Provide state-of-the-art identification of advanced malware and viruses and integrate new filters as other attacks are identified in the future. Filtering features include the following:
  - Detect virus or malware infected files
  - Clean and verify files are cleansed
  - Remove unknown file types
  - Remove steganography
  - Analyze, remove, and cleanse embedded objects
  - Remove or cleanse color or size obfuscated text
  - Remove macros from documents
  - Remove or cleanse metadata
  - Remove unrecognized data
  - Validate file formats
  - Hidden content identification and cleansing
- Forensic capability · Stores "dirty" data in a controlled and isolated environment for forensic analysis; critical in threat detection to adapt XD Air to evolving attacks.
- File Types · XD Air supports many file types, including the following:
  - Word (.doc, .docx, .docm)
  - Excel (.xls, .xlsx, .xlsm)
  - PowerPoint® (.ppt, .pptx, .pptm)
  - ASCII text files (.txt)
  - Portable Document Format (.pdf)
  - BWT zip (.bz2)
  - UNIX tar (.tar)
  - Pkzip (.zip)
  - GNU zip (.gz)
  - Joint Photographic Experts Group (.jpg, .jpeg)
  - Windows® Bitmap (.bmp)
  - Tagged Image Format (.tif, .tiff)
  - Windows® Metafile (.wmf)
  - Windows® Enhanced Metafile (.emf)
  - Graphics Interchange Format (.gif)
  - Portable Network Graphics (.png)
Microsoft® Office (97-2007)
Text and Presentation Files
1. What does XD Air do?
- XD Air enforces a policy of permitting only known good content to pass through to a target medium. This policy of whitelisting is the best available defense against Zero Day exploits. XD Air also provides blacklisting capabilities that enable protection against inappropriate exfiltration of information content that is not malware, but should not transition the boundary protected by the XD Air system. XD Air uses a complex stream of inspection and cleansing filters to process the files, protected within layers of SELinux security to protect the device itself from subversion.
2. What requirements does FiST meet for DoD users?
- XD Air meets the requirements of JTF-GNO CTO 10-004a, US CYBERCOM CTO 10-084, and US CYBERCOM CTO 10-133. In each case, FiST is explicitly called out as a requirement for certain use cases within the CTO.
3. How does a user interact with XD Air?
- XD Air is a kiosk with a clear user interface. A user inserts a suspect USB drive or other media into XD Air where it is scanned, cleaned, and made ready for use in USG systems and networks. The user then selects a destination for the cleansed data, such as a new CD/DVD, USB drive, or the original USB drive.
4. What happens to infected or unrecognized files identified by XD Air?
- Files with unrecognized formats will be removed by XD Air. Recognized files that contain malicious or hidden content will be cleansed for safe use if possible. Otherwise, the file will be removed.
5. Does XD Air work with encrypted USB devices?
- XD Air currently supports MXI and IronKey Enterprise, Personal, and Basic versions for source ("dirty" files) and destination ("sanitized" files). Other encrypted USB devices will be supported in the future.
6. What happens to my password protected files like a DOC or a ZIP?
- XD Air does not currently support password protected files. These files are removed during the sanitization process.
7. Are there file or device size limits?
- Single file size is currently limited to 1 gigabyte (the actual limit depends on the file type and its composition). XD Air supports hard drives and solid state drives larger than 30 gigabytes. (We have successfully tested 1 terabyte drives.)
8. How long will XD Air take to sanitize my files?
- The total time needed to sanitize files depends on the number, the size, and the type of files on the device or media.