Aegis Fortress L3

Ultra Rugged, Super Fast | Hardware-Based 256-Bit AES XTS Encryption | FIPS 140-2 Level 3 Validated | Software-Free Setup and Operation | Cross-Platform Compatible | Host-Free Onboard Keypad Authentication
$3,589.52 - $195,230.68
Share
SKU:
AFL3
Designed and Assembled in California USA
*FREE GROUND SHIPPING WITH ORDERS OF $200.00 OR MORE (Continental U.S. only)
Product Badges
Product Badges
Product Badges
Product Badges
Product Badges
Product Badges
For Orders Shipping outside of the United States, checkout totals will not include taxes and duties
  • Aegis Fortress L3
  • Aegis Fortress L3
  • Aegis Fortress L3
  • Aegis Fortress L3
  • Aegis Fortress L3
  • Aegis Fortress L3
Add to Cart

Options

$3,589.52 - $195,230.68
Or

Info

SKU:AFL3 ,Width: ,Height: ,Depth:

Info

SKU:
AFL3
Designed and Assembled in California USA
*FREE GROUND SHIPPING WITH ORDERS OF $200.00 OR MORE (Continental U.S. only)
Product Badges
Product Badges
Product Badges
Product Badges
Product Badges
Product Badges
For Orders Shipping outside of the United States, checkout totals will not include taxes and duties

Our fastest, most secure, and most rugged 256-bit AES XTS encrypted USB external drive to date: Aegis Fortress L3

Delivering all of the same next level security features as our Aegis line of secure drives, in an extremely rugged enclosure, and with a new, ultra fast encryption chipset, the L3 is the fastest, most robust, highest capacity drive we've ever made. Tough on the outside, the Fortress L3 is designed to meet NIST's highest level of FIPS validation attainable for portable devices: 140-2 level 3. Small enough to go in a pocket or briefcase, large enough to carry up to 20TB of data, the Fortress L3 allows you to securely and easily carry large amounts of sensitive data everywhere you go. Available in a wide variety of storage capacities in both HDD and high speed SSD models. The Aegis Fortress is Software-Free, 100% hardware-based 256-bit AES XTS encrypted, and onboard keypad PIN authenticated with ultra-fast USB 3.1 (3.0) data transfer speeds. All Data is encrypted on the fly and all PINs and Data remain encrypted while the drive is at rest. Completely cross-platform compatible and OS agnostic; the Aegis Fortress thrives with Windows, Linux, Mac, Android, Symbian and Chrome. It also thrives where software-authenticated encrypted devices can't function, such as embedded systems and equipment in possession of a powered USB port and storage file system but no keyboard.

Featuring AegisWare™

The heart and soul of every Apricorn Secure Device, AegisWare is our patent-protected firmware combined with the industry’s most advanced feature set.

FIPS 140-2 level 3 Validated

The highest level of FIPS validation granted by NIST The Fortress L3 expands the validation boundary beyond the encryption module, to include all of the electronics, the drive, the entire internal structure and the enclosure's fasteners. With FIPS validation (cert. #4529), the Fortress L3 more than meets the U.S. government standards for information technology and computer security. NIST FIPS 140 is the cryptography standard program required by the US federal government for protection of sensitive data.

Our Fastest Read / Write Speeds Yet

The Aegis Fortress L3's new chipset delivers SSD write speed increases of up to 150% and read speeds of up to 180% in comparison to previous Aegis Fortress models. There is also an appreciable performance increase in the HDD models too.

Aircraft Grade 6061 Aluminum Alloy Enclosure

Our toughest enclosure is milled from a solid block of aluminum alloy and sealed closed with tamper resistant / evident uni-directional breakaway security fasteners which are driven and cemented in place with hardened epoxy

Separate Admin and User Mode

Admin (Device Configuration) Mode and User Access Mode. The Aegis Fortress L3 supports one independent Admin and one User PIN. The Admin mode controls the universal programmable settings of the device and can only be accessed with the Admin PIN. The User mode is limited to basic external drive functions like read /write, unlock / lock, etc. The data on the drive can also be accessed with the admin PIN in the User mode.

Admin Forced Enrollment

Unique PIN Must be Established at Time of Setup. Eliminates Factory Default PIN Vulnerability. One of the most common vulnerabilities found in password protected peripheral devices are factory preset default PINs. If left unchanged from original factory settings, these simple default PINs serve as unlocked backdoors to these devices and can easily be used by hackers to to access whatever data is on the drive. As with all Apricorn Aegis secure devices, there are no default passwords, and no backdoors. In order to set up the Fortress L3, or any Apricorn secure drive for that matter, the admin must first establish a sufficiently complex, unique PIN before the device can be used or written to.

User Forced Enrollment

Beyond the admin, one additional user PIN can be generated to access the device's data. This PIN can be set up by the admin at initial configuration, or the device can be deployed in a state of User Forced Enrollment, where the intended user must first establish his or her own PIN prior to using the device.

Data Recovery PINs

Creates State of User Forced Enrollment that Restores Access to Drive. In the event that a User PIN is forgotten, Recovery PINs can be programmed by the admin into the device at time of setup (and any time thereafter) to permit access to the drive’s data by creating a new state of User Forced Enrollment leaving the Admin PIN and the drive’s data intact. Once a replacement User PIN is generated, access to the drive is restored for the user and that new User PIN serves to replace the previous forgotten one.

Aegis Configurator Compatible

Windows-Based App that Quickly Sets Up Multiple Devices Simultaneously. Create custom profiles and mass configure multiple devices in a matter of seconds using the Aegis Configurator. To configure an expanded number of devices, use the Powered Aegis Configurator Hub bundle.

Polymer-Coated Wear-Resistant Onboard membrane Type Keypad

Drive is Unlocked by Entering a PIN on Keypad and not the Host Computer’s Keyboard. Until the device is unlocked via its keypad, it remains invisible to the host. The embedded keypad circumvents all hardware and software key logging attempts to capture passwords by excluding the host system from the authentication process. Polymer-coated membrane-style keypad is wear-resistant to prevent revealing the drive's most commonly used buttons.

Two Read-Only Modes

Global, All Access Settings Controlled by Admin, and User Mode Controlling Individual Settings. Employed in situations that require the drive’s contents to be kept intact and unaltered for later examination. The two Read-Only modes are as follows: Universal Read Only is set by the admin from within the admin mode and can’t be modified or disabled by anyone but the admin. The second read-only mode can be set and disabled by a user but can also be enabled or disabled by the admin as well.

Programmable PIN Lengths

Admin Designates Minimum and Maximum PIN Lengths (between 7 and 16 Characters). The longer the PIN, the more secure the data on the device becomes. For example, the odds of brute force success go from 1/10,000,000 with a 7-digit PIN to 1/100,000,000 with an 8 digit PIN. In cases where the User sets up his or her own PIN from User Forced Enrollment, the Admin can set an enhanced User password length requirement as part of the overall security policy.

Brute-Force Defense

Select the Number of Consecutive Invalid PIN Attempts Permitted (4-20) Before Crypto-Erase. Unlocked (authenticated) by entering a PIN on their own onboard keypad. Since the PIN is not entered using the host computer’s keyboard, they are not vulnerable to software or hardware-based key-loggers or software-based brute force attacks. However, if the device comes under a physical brute force attack, your data is protected with a programmable “Brute Force Hack Defense Mechanism” which, if the programmed number (between 4 and 20) of consecutive incorrect password entries has been attempted, the device will delete its own encryption key and destroy the ability to decrypt its stored data.

Unattended Auto Lock

Programmable Length of Time of Inactivity Permitted Before Drive Locks Itself. All Aegis Secure Drives will automatically lock once disconnected from a computer’s USB port or the power to that USB port is interrupted, or after a pre-programmed period of inactivity.

Lock Override

Allows Drive to Remain Unlocked During USB Port Re Enumeration (Virtual Machine, Remote Boot). Designated for specific cases in which the drive needs to remain unlocked through USB port re-enumeration such as during reboot, or passing through a virtual machine.

Drive Reset Feature

All Apricorn Devices can be Reset and Redeployed Over and Over. Drive reset clears both the User and Admin PINs, destroys the data, creates a new randomly generated encryption key and allows the drive to be reused repeatedly, with an infinite number of randomly generated encryption keys, allowing the admn and or user to reset the drive as often as is needed.

Self-Destruct PIN

When Programmed and Activated, Performs a Crypto-Erase and Becomes New Access PIN. The last line of defense for data security when the device’s physical security is at risk. The Self-Destruct PIN defends against these physically compromising situations by erasing the drive’s contents, leaving it in normal working order appearing yet to be deployed

LED Key Press Indicator

Visually Confirms Successful Button Presses via the Device’s LEDs.

IP Certification (pending)

Dust and Water Resistant Durable Aluminum Alloy Housing and Membrane Keypad Protecting data goes well beyond encryption. Tough enough to go anywhere, the Aegis Fortress’s resilient design makes it perfect for travel and field applications. The Aegis Fortress is tamper-evident and well protected against physical damage.

Two Interchangeable USB 3.1 / 3.2 Cables

The Aegis Fortress L3 is compatible with all USB connector types Ships with a USB type A connector, backwards compatible with all previous USB ports 1.0, 2.0 , 3.0; The C type connectors is compatible with newer Mac Powerbooks.

Data Transfer Rate

USB 3.0 - up to 5 Gbps

Power Supply

100% Bus Powered

Buffer Size

8MB

Interface

Super Speed USB 3.2 type A and C (Type A is Backwards compatible with USB 2.0 and 1.1)

RPM

5400 HDD

Average seek time

12 ms

Shock - non operating

650G 1ms

Shock - operating

300G 2ms

Dimensions HDD

500GB / 1TB / 2TB: 16.5mm X 77mm X 122mm (0.65” X 3” X 4.8”) | 3TB / 4TB / 5TB: 24.5mm X 77mm X 122mm (0.97” X 3” X 4.8”)

Weight

HDD 500MB - 2TB: 9.9 oz | 3TB - 5TB: 13.7oz | SSD 512MB - 8TB: 7.6oz | 16TB - 20TB SSD: 11.9oz

Warranty

3 year limited

Approvals

FC CE | FIPS 140-2 Level 3 Validation

Certification Policies

ECCN / HTS / Cage Code

5A992.c / 8471.70.5065 / 3VYK8

System Requirements
Compatible with all Operating Systems, including Windows, Mac and Linux Requires USB port

Comments

One gigabyte (GB) = one billion bytes; accessible capacity will be less and actual capacity depends on the operating environment and formatting.

SSD Specs

Data Transfer Rate

Up to 370 MB/sec | *To achieve these data transfer speeds, your computer's internal drive must also be solid state. Otherwise, the transfer rates will be limited to the speed of your internal HDD

Power Supply

100% Bus Powered

Buffer Size

8MB

Interface

USB 3.2 gen 1

Average seek time

0.1 ms Access Time

Shock - operating

1500G/0.5ms | Virtually shock and vibration resistant

Dimensions SSD

512MB / 1TB / 2TB / 4TB / 8TB: 16.5mm X 77mm X 122mm (0.65” X 3” X 4.8”) | 16TB / 20TB: 24.5mm X 77mm X 122mm (0.97” X 3” X 4.8”)

Warranty
3 Year Limited
Approvals
FCC, CE | FIPS 140-2 Level 3 Validated

Certification Policies

ECCN / HTS / Cage Code

5A992.c / 8523.51.0000 / 3VYK8

System Requirements
Compatible with all Operating Systems, including Windows, Mac and Linux Requires USB port (for maximum speeds must be used with a USB 3.0 port) - Backwards compatible with USB 2.0 and 1.1 One gigabyte (GB) = one billion bytes; accessible capacity will be less and actual capacity depends on the operating environment and formatting.

Comments

Drive Type: Solid State Drive

Encryption: 256-bit AES Hardware Encryption

Operating Temperature Range: -40°F to 158°F (-40°C to 70°C)

Operating Humidity Range: 95% humidity at temperatures under 131°F (55°C)

Vibration: 20G/20-2000Hz

02-05-2020 | Brad Scher


The Aegis Fortress L3 is the latest addition to the extensive line of secure external storage devices from Apricorn, and when the company named it Fortress, it wasn't kidding.

View Full Article

01-24-2020 | Brad Moon


"The ultimate solution for keeping data absolutely secure and locked down when moving it from one PC to another, one location to another, or storing it as a backup, is with a portable drive."

View Full Article

11-25-2019 | Wayne Williams


"A much better, and far safer solution is to store your data on a hardware encrypted USB drive like the Aegis Fortress L3."

View Full Article

09-10-2019 | David Novak


If you’re looking for a secure digital storage solution, take a minute to look at Apricorn’s latest secure storage solution.

View Full Article

09-10-2019 | Julian Perry


The Aegis Fortress L3 gets another Two Thumbs Up and Well Done for build quality, drive speed, and most important, data security!

View Full Article

08-08-2019 | Don Baine


Welcome to The Gadget Professor Show #418 hosted by Don Baine.

View Full Article

07-25-2019 | Alex Schuchter


The Aegis Fortress L3 is a portable SSD that offers external storage for organizations and companies that require the highest level of protection for their data. The drive is a compact sleek black vault for your data that utilizes a built in PIN authentication pad to unlock allowing you to take large amounts of sensitive data wherever you go.

View Full Article

05-01-2019 | Gary Miliefsky, CISSP


If you know me by now, I am a huge proponent of strong encryption everywhere.

View Full Article

05-06-2019 | Les Tokar


Top Level Data Security Hands Down

View Full Article

01-23-2019 | Eric Jacksch


In cybersecurity, one of the few things we can always depend on is cryptography.

View Full Article

01-17-2019 | Jim O'Brien


With GDPR being a talkative subject it is now up to us to safely keep our data under control

View Full Article

12-06-2018 | Adrian Kingsley-Hughes, ZDNet


Hardware-encrypted external storage drives are pretty much a must-have item for enterprise these days, and Apricorn has once again raised the bar with the new Aegis Fortress L3. And it's future-proof, coming with interchangeable Type-A and Type-C connector cables.

View Full Article

Why is my Aegis secure device showing a solid blue/green LED combination when I try to use it?

If the device is showing a solid blue/green LED combination then there is no Admin PIN set. An Admin PIN must be established prior to unlocking and using the drive. Follow steps in the product Quick Start Guide for ‘First Time Use’ to set an Admin PIN and begin using the drive.

Why is the red LED blinking when I attempt to unlock the device?

If the red LED is flashing rapidly then the device has entered Brute Force Protection Mode. This occurs at the halfway point of consecutive incorrect unlock attempts. This number is programmable; the max (and default setting) is 10 attempts. Follow the steps in the product manual which refer to Brute Force Protection to permit the second half of your remaining unlock PIN entries. Note: if all of the allowed attempts are spent on incorrect PIN entries, the device will assume it’s under brute force attack and perform a crypto-erase, rendering all of the device’s data as indecipherable.

How do I know which specific manual to use for my Apricorn encrypted drive?

For Apricorn encrypted drives with a DOM (Date of Manufacture, found on original packaging label under the UPC code) of September 2017 to the present date, refer to the manual with product’s name and the word “Configurable” in the title. If unsure of manufacture date, all Aegis Configurator compatible devices have the “Configurable ‘C’” logo on the back. For older non-configurator compatible secure drives, refer to the manual that doesn’t have “Configurable” in the title.

Why is my device locking and entering standby mode while it is still connected to my PC?

If your encrypted Aegis secure device is locking when it is connected to a PC running Windows 8 or Windows 10 it is most likely due to suspend commands that Windows is issuing to the drive in order to reduce power consumption. When Windows suspends an Aegis secure device it will lock. The PIN must be entered again in order to unlock and use the drive. The following instructions will show you how to configure Windows to stop issuing suspend commands: https://www.thewindowsclub.com/prevent-hard-drive-going-sleep-windows

Why is my drive locking and entering standby mode while connected to my PC even after I have configured the power settings correctly?

If Windows continues to suspend your Apricorn encrypted drive, causing it to return to its standby mode, a registry edit will need to be run in order to tell Windows to stop that suspension. Please fill out the following form for technical support and you will receive a reply with the necessary registry edit:
 
https://apricorn.com/product-support-request

Why is my drive locking and entering standby mode while it is still connected to my Mac?

There are Energy Saver system settings within the Mac OS that could be sending suspend commands to the Apricorn drive, forcing it to lock when not in use. To disable these settings, open the system preferences in the Mac OS and navigate to the Energy Saver settings. There is an option here to “put hard disks to sleep when idle.” Uncheck this option and the Aegis secure device should stay unlocked as long as the Mac is not put to sleep/shut down.

What can I do if I forget the Admin PIN?

IF the Admin PIN was the only PIN generated in initial device setup then the only option is to perform a device reset and establish a new Admin PIN. All device's data will be lost as a result of device reset. If User PIN(s) and / or data recovery PINs (Configurator-compatible devices only) were created at initial setup, then it is possible to unlock the device using any of these PINs.

What can I do if I forget the User PIN?

Access the drive using the Admin PIN. Follow the steps in the manual to remove the User PINs (which will also remove all recovery PINs and self-destruct PIN) and then add new User PIN(s). If your device has a “Configurable” symbol on it, up to 4 recovery PINs can be programmed onto the device (typically by the Admin during initial configuration). If you forget your original user PIN, the recovery PINs will allow you to create a replacement User PIN. If your drive was issued by your workplace, your IT Administrator/Help Desk should be able to provide you the recovery PIN. Once the new User PIN is set up, you will be able to unlock the drive and access your data. If Recovery PINs were not created at initial setup, the Admin PIN can be used to unlock the drive and recover the data. Additionally the Admin can generate a new User PIN(s) from within the Admin mode. In the event that no recovery PINs were set and both the User and Admin PINs are forgotten, the drive can be reset and used again but all of the device's data will be lost as a result of the reset.

What if I forget all the PINs on my Aegis Configurator-Compatible Secure Device?

If you forget the User and Admin PINs you may still access the device using a data recovery PINs, provided they were established at initial device setup. If data recovery PINs were NOT established, you will not be able to access or recover any of its data. There are no back doors or hidden manufacturing codes that will allow data access. To resume using the device, you will need to completely reset which will result in the following:

  • All data on the drive will be erased
  • A new encryption key will be generated automatically
  • All PINs will be deleted (Admin, User, Self-Destruct, Data-Recovery)
  • A new Admin/User PIN(s) will need to be established
  • Data Recovery PINs should be established
  • The Aegis Secure Device will need to be reformatted

What if I forget my PIN on my non-configurable Aegis Secure Device?

If you forget the User and Admin PINs, you will not be able to access the data. Recovery of the data will not be possible. There are no back doors or hidden manufacturing codes that will permit access to its data. You will need to completely reset the Aegis secure device which will result in the following:

  • All data on the drive will be erased
  • A new encryption key will be generated automatically
  • All PINs will be deleted (Admin, User, Self-Destruct)
  • A new Admin/User PIN(s) will need to be established
  • The Aegis Secure Device will need to be reformatted

What is an Aegis secure device?

Aegis secure devices are any of our 256-bit hardware-encrypted drives as follows: Aegis Secure Key 3, Aegis Secure Key 3nx, Aegis Secure Key 3z, Aegis Padlock 3, Aegis Padlock DT, Aegis Padlock DT FIPS, Aegis Fortress, Aegis Fortress L3, Aegis Padlock SSD, and Aegis Bio 3.0

How do I use the Aegis secure device without a PIN?

As a full disk encryption product, Aegis devices can never be used without a PIN.

Is there a problem with leaving the drive in Lock-Override mode?

Potentially. In the lock-override mode, the drive will stay unlocked until either the USB port power is interrupted or the device’s lock button is physically pressed. To protect the contents of the device, use this mode with an abundance of caution, especially when plugged into a powered hub. If the drive is left unlocked and unattended while inserted into a powered hub, it is possible to move the hub's host side USB cable to another computer without interrupting USB power to the unlocked device. It is always a good practice to lock the drive or remove it from the USB port whenever unattended.

What encryption algorithm is used in this product?

The entire family of Aegis secure devices uses an AES-XTS 256-bit algorithm.

What is BadUSB and are Apricorn devices susceptible to this exploit?

BadUSB is a theoretical exploit that was presented by SR Labs at the Black Hat conference in August of 2014. SR Labs demonstrated a vulnerability in one USB device that allowed malicious code to be programmed into the USB controller through a firmware update process. The attack described is very sophisticated and in the case of Apricorn's products would require advanced knowledge of our USB controller, a leaked version of our firmware, the programming tool to update our controller, the password used for our programming tool, and an in depth understanding of the device's functionality, etc. According to SR Labs, the failsafe method to eliminate this threat is to simply disable the ability to update the controller's firmware. Apricorn's devices shipping today, including all of our USB 3.0 security products, Padlock and Padlock Pro families already have the firmware locked which prevents field updates to the USB controller. As a continuous improvement, Apricorn is locking down the firmware on all USB controllers used in Apricorn devices to safeguard against this vulnerability.

What are the ECCN and HST codes used for shipping this device outside the US?

ECCN: 5A992C

 

HTS code for HDD devices: 8471.70.2000

 

HTS code for SSD and Secure Key Devices: 8523.51.0000