QuickView: AlphaShield Hardware Firewall

Photo of author

Tim Higgins

The Pitch

AlphaShield Hardware Firewall
Summary Hardware SPI-based firewall that even your mother could install. Cannot open ports or change any firewall settings.
Update None
Pros • Plug and go setup

• “Stealth” level protection from Internet probes on ports 1 – 65535

• No user adjustments required
Cons • No user adjustments possible

• Expensive compared to more flexible alternatives

• Firewall only – no Internet connection sharing

AlphaShield Hardware Firewall

AlphaShield’s email review pitch for its product of the same name described it as “the only hardware firewall on the market that doesn’t need any configuration. Installation takes only one minute. No maintenance. 100% Unhackable Guarantee or your money back”.

It sure sounded like snake oil, but a quick check of AlphaShield’s website showed the company to be legit. So I fired back an email to the AlphaShield rep. and a sample appeared at my door about a week later.

The Product

One thing I need to make clear up front is that the AlphaShield is not a NAT router. The key consequence of this is that it does not provide Internet sharing. Instead, think of it as providing, for all intents and purposes, the same protection as provided by a NAT – or more accurately NAT + SPI (Stateful Packet Inspection) router – but without requiring, or allowing, any sort of configuration of that protection.

AlphaShield’s marketing material refers to three technologies that the product uses to work its Internet security magic – AlphaGAP, IP Stealth and RPA (Real-time Packet Authorization). The first just refers to the box’s ability to completely stop data flow between its Internet and host computer ports, just as if you physically disconnected your computer from your broadband modem.

IP Stealth means that AlphaShield will discard any ICMP messages it receives from pings or traceroutes, just as routers do when you enable “block WAN ping response” or similarly-named capabilities. Either way, scans directed at your IP address assigned by your ISP won’t receive any response and just continue looking for their next victim.

The RPA explanation in the white paper provided as part of my review material (but not available for download from the AlphaShield website) is the fuzziest of the three and appears to be the AlphaShield’s real “secret sauce”. But though the exact mechanics of RPA may be different, the bottom line is that it provides essentially the same level of “firewall” protection as provided by a NAT router.

The AlphaShield’s packaging makes a good first impression with an informative product box and compact and nicely finished silver and charcoal plastic enclosure. Figure 1 shows that Outbound, Connection and Inbound LEDs grace the font panel – and provide the only indication of the AlphaShield’s operating state. There is no software interface to view or configure, heck, the AlphaShield doesn’t even have a MAC address, let alone an IP address!

AlphaShield front view

Figure 1: AlphaShield front view

The Product, Continued

Figure 2 shows the back panel with the network and power connectors and a single mode switch. The Cable/DSL and PC RJ45 connectors are self-explanatory, while the AUX connector is where you can plug a computer or device that will bypass the protection afforded by the AlphaShield. Think of the AUX port as the equivalent of putting the attached device in DMZ on a typical NAT-based router.

The Mode switch’s Lock and 15 positions both disconnect (via AlphaGAP) the attached device after 15 minutes of inactivity, with the difference between them being that the 15 position will retain the IP address leased from your ISP’s DHCP server while the Lock position may release it.

If this is too much for you to figure out, just leave the switch at its default Auto setting, which has no idle timeout, or experiment with the Lock and 15 positions if you like the idea of the automatic 15 minute disconnect.

AlphaShield rear view title=

Figure 2: AlphaShield rear view

In all modes, you’ll have to press the blue Connect button that forms the left side of the “S” to get the AlphaShield to let you connect to the Internet and the grey Disconnect button should you want to immediately terminate your Internet connection or at the end of your Internet session in the Auto mode. The middle Connection LED glows red when you’re not connected, but since I’m red / green color challenged, I’d would have preferred it to also slowly blink when the AlphaShield takes you offline.

In the end, I think the AlphaShield should be simple enough for its target non-technical user to install, either with or without help from the nicely illustrated and clearly written printed User Guide that comes with it. Although the typical installation will be between a cable or DSL modem and a single PC, AlphaShield also has a document (PDF) that shows the AlphaShield connected into other networking scenarios, including some with routers!

But all NAT-based routers provide simple, but effective blocking of unrequested inbound traffic, and virtually all current-generation routers add some level of Stateful Packet Inspection (SPI) on top of the NAT firewall. So I can’t think of a scenario in which you’d need both an AlphaShield and NAT router, one right behind the other, protecting your LAN.

The Test

Portscanning the AlphaShield resulted in no response to any probes on the full range of ports from 1 to 65535. I was also able to verify that the Inbound light flashed red instead of green, indicating that it was blocking the unrequested packets from the port scan.

I checked Response (ping) Time and Throughput using Qcheck from the computer connected to the PC port to the machine connected to the Cable/DSL port and measured results of 1ms and 6.7Mbps respectively. So users with typical cable or DSL connections shouldn’t see any performance hit due to the AlphaShield’s firewalling.

The Verdict

The AlphaShield definitely does provide an effective firewall and, as AlphaShield’s product pitch asserts, is certainly more robust than Windows’ built-in firewall – SP2 notwithstanding. But although I think it serves its target audience well – the non-technical broadband user with a single computer – I also think that AlphaShield is counting on its target customers’ networking naivete a bit too much.

With consumer routers easily available at $50 or less, which include 4 port 10/100 switches, and that provide essentially the same level of protection, I think AlphaShield’s $100 pricing is twice what it should be. (Shame on those on-line retailers selling it for as much as $169!) And although AlphaShield’s FAQ make it clear that the device does not provide Internet sharing, the FAQ don’t make it as clear that using an AlphaShield and a NAT router isn’t necessary, or is at least redundant.

That said, the AlphaShield could be the perfect solution for protecting a far-away parent or loved one that is foolish (or uninformed) enough to have their computer tied directly to their broadband modem. And think how proud they’ll be when they install it themself!

Related posts

SMC Barricade Plus Cable/DSL Broadband router Review

VPN version of popular Barricade router with SPI based firewall and PPTP / IPsec VPN endpoint, but no printserver or dialup WAN support.Will probably do better with PPTP vs. IPsec-based VPNs

NETGEAR FVS336G-300 ProSafe Dual WAN Gigabit Firewall Reviewed

Updated - NETGEAR's FVS336G-300 ProSafe Dual WAN Gigabit Firewall has much improved performance over the original version, with a notable exception.

QuickView: NETGEAR GS108 ProSafe 8 Port Gigabit Desktop Switch

If you've been looking for a gigabit switch for SOHO use that supports jumbo frames, your search could soon be over. NETGEAR is rolling the feature into this consumer-priced gigabit switch for no extra cost. But getting your hands on upgraded product will be tricky in the short term.