http://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/ Engadget Comments for IronKey ships uber-secure D200 USB flash drives http://www.engadget.com/media/feedlogo.gif http://www.engadget.com en-us Copyright 2012 Weblogs, Inc. The contents of this feed are available for non-commercial use only. Blogsmith http://www.blogsmith.com/http://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/http://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/Nov 4th 2009 4:55AMhttp://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/http://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/
https://www.ironkey.com/compare-hardware]]>Nov 4th 2009 6:34AMhttp://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/http://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/
Yeah you are righ, just access speed increase from the multi-channel architecture. Everything seems exactly the same. ]]>Nov 4th 2009 7:57AMhttp://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/http://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/
1. Go and buy a $10 USB stick.
2. Put a TrueCrypt volume on it with a good password (www.truecrypt.org/).

Total cost: $10. Less if you already have a USB stick.

It won't be resistant to water and extreme shock, nor will it be usable as an authentication token. It will, however, be every bit as scallywag-proof as the IronKey module.]]>Nov 4th 2009 7:38AMhttp://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/http://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/Nov 4th 2009 9:49AMhttp://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/http://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/
That's what I do, I love it! Plus some other type of bio encryption =D]]>Nov 4th 2009 9:49AMhttp://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/http://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/
In an Enterprise scenario, however, which is what these are mostly aimed at, the IronKey offers some nice features that no one else currently offers. You can remotely disable the key, or even permanently destroy the key, assign policies about number of wrong passwords before erasure/destruction, track locations where the key has been plugged in, securely back up the data, retrieve a lost password, etc. These things all assume internet access, of course, but internet access is pretty ubiquitous now. There is also a policy setting for a number of times the key is allowed to be unlocked if internet access is not available, so the key can be disabled that way as well.

In a time when a data breach costs $300/record and with the size of these devices capable of holding tens to hundreds of thousands of records, paying $199 for 16GB is a no-brainer. End-point security is a big deal in most enterprises, and these offer a good control over data leakage.

I don't work for IronKey but I administer them in our environment, and like them a lot.]]>Nov 4th 2009 10:50AMhttp://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/http://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/
Agreed. I was thinking from a day-to-day personal point of view: I assume that Indefinite Implosion wouldn't have been worried about the prices if his employer was footing the bill!.

I must admit, I don't have much experience of this sort of technology from an enterprise point of view. I didn't realise how much more there was to these devices. Achieving the functionality you mention would be very tedious with only free software, and certainly not much fun for your typical non-geeky Enterprise Joe.

However, I'm still puzzled about something: if your data is sensitive enough to warrant all the protection measured you listed, why are you letting your users routinely walk around with it in their pockets? In my mind, forbidding them to take it off site (except where totally necessary) seems more secure. Ultimately, this comes to mind: http://xkcd.com/538/

Just curious.]]>Nov 4th 2009 12:13PMhttp://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/http://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/Also put on firefox portable for good measures.]]>Nov 4th 2009 12:46PMhttp://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/http://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/Nov 4th 2009 12:47PMhttp://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/http://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/Nov 4th 2009 3:18PMhttp://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/http://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/
You have to be careful with flash drives and Truecrypt volumes. Even the Truecrypt docs warn against it's use on that kind of media:
http://www.truecrypt.org/docs/?s=wear-leveling

Although, to be honest, for most people this is secure enough.

If you are really paranoid, a hardware encrypting USB stick would be much safer, and Ironkey makes some of the best ones of those.]]>Nov 4th 2009 6:01PMhttp://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/http://www.engadget.com/2009/11/04/ironkey-ships-uber-secure-d200-usb-flash-drives/
I suppose there are two ways around this:

1. Don't decrypt the volume on the drive: copy it to a computer first. Of course, when you copy the re-encrypted volume back, it may not necessarily overwrite the original volume, leaving an attacker with two versions of the same volume. The may weaken the encryption, but only very slightly (as far as my understanding goes).

2. Make the volume the same size as the USB drive, then the re-encryption process will definitely overwrite any decrypted information that was previously on the drive, wear levelling or not.

I really know nothing about this, but as far as I know the wear levelling mechanisms are often built into the flash chips themselves...if this is true, it would take a pretty dedicated and well-funded attacker to bypass the mechanisms and access the memory cells directly.


Please, correct me if any of the above is wrong.

]]>Nov 5th 2009 8:55AM