|At a glance|
|Product|Bitdefender Box|
|Summary|Security appliance designed for home use|
|Pros|• Does not need to be inserted between router and network • Includes Bitdefender software subscription • 24x7 phone support|
|Cons|• Inspects only outbound traffic to internet • Not easy to install|
Bitdefender is a Romanian cybersecurity and anti-virus software company founded in 2001, serving both corporate and home users. Like other AV and anti-malware companies, Bitdefender's products are available in different suites covering Windows, Mac OS, Android and iOS devices.
However, today's security threats aren't limited to devices running popular OSes. So Bitdefender Box was launched back in 2015 to address security for the Internet of Things. The product has had time to evolve since then. So I expected a mature product, capable of handling most anything thrown its way. That's not what I discovered, however.
On the surface, the Box is a pretty unassuming device. It is a small white plastic square measuring just 3.5" x 3.5" by 1.1" high. The front has a single LED on the underside, and the rear has just two 100 Mbps Ethernet ports and a power port. So if you have internet service over 100 Mbps, you can skip the rest of this review.
I'd show you a picture of the Box's components, but Bitdefender made the box with a plastic clip that would have broken had I tried to pry it open. This 2015 DigitalTrends review says Box has a single-core 400MHz MIPS microprocessor, 16 MB of flash and 64 MB of DDR2 RAM. It also has a 2.4 GHz 802.11bgn radio that is used only if you configure Box as a router.
Bitdefender Box Rear
Before physically connecting the device, you install the Bitdefender Box App on your iOS or Android device. Note, the Bitdefender Box App is different from the Bitdefender Box Agent. The App is used to manage the Box and the network and provide notifications of issues on your network. The Agent is installed on devices and provides additional security protection. I'll describe both the App and Agent in more detail throughout this review.
The Bitdefender App can be installed on iOS and Android devices. I installed the Bitdefender Box App on my iPhone 6s running iOS 10.3.3. I then followed the instructions on the printed installation pamphlet that came with the Bitdefender Box. The installation methods include installing the Box with a router, with an Apple Air Play device, or without a router. I followed the instructions to install the Box with a router.
Once the App is up and running, you're able to connect the Box to your network and complete the install steps on the App. The primary installation method for the Box is to connect a single Ethernet cable to either of the Box's Ethernet ports and the other end of the Ethernet cable into a LAN port of your router as illustrated below.
Bitdefender Box Installation
Once connected, the Box will send a DHCP request to your router to get IP address information. The Box will then statically assign itself an IP address and subnet mask on the same network as your router, as well as statically assign the router's IP as its gateway. The Box will then try to access your router and disable its DHCP server. If the Box can't access your router and disable your router's DHCP server, as in my case using a Ubiquiti Edge Router Lite, you'll be directed via the App to log into your router and disable the DHCP server on your router manually.
Once the DHCP server is disabled on your router, the Box will become the DHCP server for the network. The Box will provide IP addresses on the same subnet as the router via DHCP to all devices on the network. In addition, the gateway and DNS IP addresses provided by the Box to your devices will be the Box's IP address.
The Bitdefender Box relies on your router to manage your Internet connection, and per Bitdefender, "Box has no perceivable impact on your network as long as your Internet speed does not exceed 100 Mbps."
Once the Box is installed, the App presents a message that it will take an hour to see details about your home devices, as shown below. I confirmed with Bitdefender tech support that information in the App refreshes every 60 minutes.
Bitdefender App Startup
How Does It Work?
Devices protected by the Box will now have an IP address on the same subnet as the Box and your router, and the Box's IP address as both their gateway and DNS server. When a device on the network sends data to the Internet, such as a request for a web page, it will send the request to its gateway, which is the Box.
Here's where it gets interesting. The request sent by your device has your device's IP address and MAC address as source addresses, plus the website's IP address and the Box's MAC address as destination addresses. So the Box will inspect the request. If the Box deems the website you're going to potentially unsafe, it will drop the request.
If the request is deemed safe, the Box will rewrite the request with the device's IP address and the Box's MAC address for source addresses, plus the website's IP address and the router's MAC address as destination addresses. The Box will then forward the request to your router.
Your router will receive the request, strip off the MAC addresses and perform Network Address Translation (NAT), rewriting the request with the router's IP address as the source and the website's IP address as the destination. The router will update its NAT table to remember the request came from your device's IP address. The packet will then be forwarded out your Internet connection.
Once the packet returns, your router will check its NAT table and see the above request for the web page came from your device's IP address. The router will then rewrite the packet with your device's IP address as the destination.
Now comes a key sequence. Since the router didn't receive the original request from your device but rather from the Box, it doesn't have your device's MAC address in its ARP cache. Consequently, the router sends an Address Resolution Protocol (ARP) request to get the MAC address of your device. Your device will reply directly to the router's ARP request with its MAC address, allowing the router to forward the packet with your device's IP address and MAC address as the destination addresses. This allows the router to forward the return traffic directly to your device, bypassing the Box!
The above may seem overly detailed, but it highlights a key aspect of how the Box inspects traffic. The Box inspects outgoing traffic only!
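The sequence above can be modeled in a few lines. This is an added example, not Bitdefender code or anything from the original review; all IP and MAC addresses are constructed, and the function names are hypothetical. It tracks which LAN host receives each frame in each direction.

```python
# Constructed addresses for illustration; none come from the review.
DEVICE = {"ip": "192.168.1.50", "mac": "aa:aa:aa:aa:aa:01"}
BOX = {"ip": "192.168.1.2", "mac": "aa:aa:aa:aa:aa:02"}
ROUTER = {"ip": "192.168.1.1", "mac": "aa:aa:aa:aa:aa:03", "wan_ip": "203.0.113.10"}
SITE_IP = "198.51.100.7"
MAC_OWNER = {DEVICE["mac"]: "device", BOX["mac"]: "box", ROUTER["mac"]: "router"}


def outbound(box_allows=True):
    """Return (LAN frames, router NAT table) for one request from the device."""
    frames, nat = [], {}
    # The device uses its DHCP-supplied gateway, so the frame goes to the Box's MAC.
    first = {"src_ip": DEVICE["ip"], "dst_ip": SITE_IP,
             "src_mac": DEVICE["mac"], "dst_mac": BOX["mac"]}
    frames.append(first)
    if not box_allows:  # the Box drops requests it deems unsafe
        return frames, nat
    # The Box forwards: IP addresses unchanged, only the MAC addresses rewritten.
    frames.append({**first, "src_mac": BOX["mac"], "dst_mac": ROUTER["mac"]})
    # The router NATs and records the device's IP, which is all it needs later.
    nat[(ROUTER["wan_ip"], SITE_IP)] = DEVICE["ip"]
    return frames, nat


def inbound(nat):
    """Return the LAN frames that carry the reply back to the device."""
    lan_ip = nat[(ROUTER["wan_ip"], SITE_IP)]
    # The router ARPs for that IP on the shared subnet; the device itself answers.
    arp_reply = {DEVICE["ip"]: DEVICE["mac"]}
    return [{"src_ip": SITE_IP, "dst_ip": lan_ip,
             "src_mac": ROUTER["mac"], "dst_mac": arp_reply[lan_ip]}]


def receivers(frames):
    """Names of the LAN hosts that receive each frame, in order."""
    return [MAC_OWNER[f["dst_mac"]] for f in frames]


def inspected_by_box(frames):
    """True if any frame in this direction is delivered to the Box."""
    return "box" in receivers(frames)


if __name__ == "__main__":
    out, nat = outbound()
    print("outbound:", receivers(out), "inspected:", inspected_by_box(out))
    back = inbound(nat)
    print("inbound: ", receivers(back), "inspected:", inspected_by_box(back))
```

On a real network the same check is a packet capture on the device: compare the destination MAC of outbound frames with the source MAC of the replies.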
I also noticed the Box does not inspect DNS requests. Although the Box announces itself via DHCP as the DNS server on your network, it is simply forwarding DNS requests to the DNS IP addresses it received via DHCP from your router.