1.5. Overview of the GBox

GBox is a device that can operate independently or in conjunction with the GCenter.
This appliance enables:
  • automatically receiving suspicious files requiring in-depth malware analysis, without having to rely on an external service

  • analysing suspicious files on demand from the GCenter's Web UI

  • sending reports back to the GCenter for the files submitted to it; these reports are visible from both the GCenter's Web UI and the GBox's Web UI

  • analysing files directly from the GBox Web UI and generating the corresponding report

  • manually analysing domain names generated by a Domain Generation Algorithm (DGA).

It is equipped with four complementary analysis engines, enabling static, dynamic, and heuristic analysis, as well as shellcode detection, and an engine that identifies domain names generated by DGAs.
These analysis engines are described in more detail in the Analysis engines section.

1.5.1. Server templates

For more information, please refer to the Mechanical characteristics section.


1.5.2. List of the GBox inputs / outputs

[Figure: gbox_back.png]

The GBox comprises:

Item  Name
----  ----
4     RJ-45 connector `GBX0`: management interface and link with the GCenter.
      RJ-45 connector `GBX1`: interface dedicated to the virtual machines for Internet access; the Gnest VMs can be reached via this link.
      RJ-45 connector `GBX2`: not used.
      RJ-45 connector `GBX3`: not used.
5     USB connector: accommodates the USB key enabling disk decryption (Linux Unified Key Setup, LUKS, standard).
      USB connector: direct access via a keyboard.
      This connection mode is deprecated in favour of KVM/IDRAC/XCC and should only be used as a last resort.
6     VGA connector: direct access with a screen.
      This connection mode is deprecated in favour of KVM/IDRAC/XCC and should only be used as a last resort.

Note

Connector details can be found in the Dell EMC PowerEdge R640 Installation and Service Manual.


1.5.2.1. Use of USB and VGA connectors

Connecting a keyboard and monitor enables direct access to the GCenter console interface.

Important

This mode is deprecated.
It should only be used during initial installation and for advanced diagnosis.

1.5.2.2. Access to the server's management and configuration interface

Access to this management interface is via HTTPS:

  • On a Dell server, this connector is called iDRAC. It is marked on the KVM/IDRAC diagram.

  • On a Lenovo server, this connector is called TSM; it can be identified by the wrench symbol printed below it.


1.5.2.3. Network interface `Gbx0`

This interface enables remote administration using the SSH protocol to access:

  • The installation/configuration menu

  • The Web user/administration interface

This interface also serves to send files to be analysed from the GCenter to the GBox.


1.5.2.4. Network interface `Gbx1`

This network interface enables the Gnest engine's virtual machines (sandboxes) to access the Internet directly or via a proxy.
This access is optional and must be configured.

1.5.2.5. Electrical connection

The server has two power supply units, each of which alone provides enough power to operate the equipment.
It is strongly recommended to connect each power supply unit to a separate power source.

1.5.2.6. USB connector and LUKS key

During installation, the contents of the disks (excluding /boot) are encrypted using the LUKS standard.
During this process, a unique encryption key is created and placed on the USB stick connected to the equipment.
At start-up, the USB key must be plugged into the equipment so that the disks can be decrypted.
It is strongly recommended to make a copy of this key because, in the event of a failure of the USB key, the data on the disks will no longer be accessible.
Once the system has started up, we recommend removing this USB key and storing it in a secure place (e.g. a safe).
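The backup recommended above is only useful if the copy is exact and kept unreadable to other users. The following is an added example (not Gatewatcher's own tooling) of a POSIX shell function that copies a LUKS keyfile to a second medium with owner-only permissions and verifies the copy by SHA-256 digest; the source path, destination directory and keyfile name are assumptions, since the appliance's real mount points are not given on this page.

```shell
#!/bin/sh
# Added example, not part of the GBox product: back up a LUKS keyfile and
# verify the copy. All paths are assumptions supplied by the caller.
set -eu

# backup_luks_key SRC DEST_DIR
# Copies SRC into DEST_DIR, restricts permissions to the owner, and compares
# SHA-256 digests of source and copy. Prints the digest and returns 0 only
# when the two digests match; returns 1 otherwise.
backup_luks_key() {
    src=$1
    dest_dir=$2
    [ -r "$src" ] || { echo "keyfile not readable: $src" >&2; return 1; }
    mkdir -p "$dest_dir"
    chmod 700 "$dest_dir"
    dest="$dest_dir/$(basename "$src")"
    # Copy under a restrictive umask (in a subshell, so the caller's umask
    # is untouched) so the key is never created world-readable.
    ( umask 077; cp "$src" "$dest" )
    chmod 400 "$dest"
    src_sum=$(sha256sum "$src" | cut -d' ' -f1)
    dest_sum=$(sha256sum "$dest" | cut -d' ' -f1)
    if [ "$src_sum" != "$dest_sum" ]; then
        echo "digest mismatch: backup of $src is unusable" >&2
        return 1
    fi
    echo "$dest_sum"
}

# On the appliance itself (root, real encrypted device), the copy can also be
# checked against the LUKS header without mounting anything:
#   cryptsetup open --test-passphrase --key-file "$dest" /dev/<encrypted-disk>
```

Run the digest check again on the stored copy before relying on it after an incident, since a silently corrupted backup is indistinguishable from a lost key.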