
IronKey has never been one to shy away from sensational claims, but for whatever reason, it's announcing its newest secure drive in a rather low-key fashion. Or, somewhat so. The D200 range of USB flash drives are said to be more manageable and secure than ever, offering up the peace of mind necessary in government and enterprise scenarios. The new devices include policy enforcement, usability and field-maintenance capabilities, a dual-channel architecture for rapid transfers, the ability to double as an authentication token and a self-defense mechanism designed to resist "physical, malware and password attacks." It's available in 1/2/4/8/16GB capacities and should withstand most encounters with water and shock, though it's on you to dig up the presumably lofty MSRPs.
Can it deal with the shock I get when I see said prices?
Here's how to deal with that shock:
1. Go and buy a $10 USB stick.
2. Put a TrueCrypt volume on it with a good password (www.truecrypt.org/).
Total cost: $10. Less if you already have a USB stick.
It won't be resistant to water and extreme shock, nor will it be usable as an authentication token. It will, however, be every bit as scallywag-proof as the IronKey module.
@ j_g_puff
That's what I do, I love it! Plus some other type of bio encryption =D
@ j_g_puff
Also put on Firefox Portable for good measure.
Have the IronKey, love it. While TrueCrypt I'm sure rocks, I'm an idiot with that stuff and just need a drive I can plug in to any PC or Mac and access with my password. I have zero worry about leaving it out on my desk. (other than if my office mates decide it would be funny to type the wrong password 10 times and fry the innards)
@j_g_puff:
You have to be careful with flash drives and TrueCrypt volumes. Even the TrueCrypt docs warn against its use on that kind of media:
http://www.truecrypt.org/docs/?s=wear-leveling
Although, to be honest, for most people this is secure enough.
If you are really paranoid, a hardware encrypting USB stick would be much safer, and IronKey makes some of the best ones of those.
Well spotted, Fro.
I suppose there are two ways around this:
1. Don't decrypt the volume on the drive: copy it to a computer first. Of course, when you copy the re-encrypted volume back, it may not necessarily overwrite the original volume, leaving an attacker with two versions of the same volume. This may weaken the encryption, but only very slightly (as far as my understanding goes).
2. Make the volume the same size as the USB drive, then the re-encryption process will definitely overwrite any decrypted information that was previously on the drive, wear levelling or not.
I really know nothing about this, but as far as I know the wear levelling mechanisms are often built into the flash chips themselves...if this is true, it would take a pretty dedicated and well-funded attacker to bypass the mechanisms and access the memory cells directly.
Please, correct me if any of the above is wrong.
I have one of these and it won't let me use it, it feels I am too "shifty-looking"
What's all the big fuss? There are virtually no differences between the S200 and the D200. Have a look at IronKey's own comparison:
https://www.ironkey.com/compare-hardware
I can see the color change, if Apple can charge more for the black one...
Yeah, you are right, just access speed increase from the multi-channel architecture. Everything seems exactly the same.
I have an Iron Key. It's very nice. I like the build quality more than the security. The cost per gig though is insane. But the flash memory in it is pretty fast.
@j_g_puff Your scenario may be true for a personal scenario, though IronKey's personal devices come with a secure sessions widget that allows anonymized browsing through a specially customized version of Tor, which is nice. They are also engineered very nicely and very fast for USB storage.
In an Enterprise scenario, however, which is what these are mostly aimed at, the IronKey offers some nice features that no one else currently offers. You can remotely disable the key, or even permanently destroy the key, assign policies about number of wrong passwords before erasure/destruction, track locations where the key has been plugged in, securely back up the data, retrieve a lost password, etc. These things all assume internet access, of course, but internet access is pretty ubiquitous now. There is also a policy setting for a number of times the key is allowed to be unlocked if internet access is not available, so the key can be disabled that way as well.
In a time when a data breach costs $300/record and with the size of these devices capable of holding tens to hundreds of thousands of records, paying $199 for 16GB is a no-brainer. End-point security is a big deal in most enterprises, and these offer a good control over data leakage.
I don't work for IronKey but I administer them in our environment, and like them a lot.
Diluted,
Agreed. I was thinking from a day-to-day personal point of view: I assume that Indefinite Implosion wouldn't have been worried about the prices if his employer was footing the bill!
I must admit, I don't have much experience of this sort of technology from an enterprise point of view. I didn't realise how much more there was to these devices. Achieving the functionality you mention would be very tedious with only free software, and certainly not much fun for your typical non-geeky Enterprise Joe.
However, I'm still puzzled about something: if your data is sensitive enough to warrant all the protection measures you listed, why are you letting your users routinely walk around with it in their pockets? In my mind, forbidding them to take it off site (except where totally necessary) seems more secure. Ultimately, this comes to mind: http://xkcd.com/538/
Just curious.
Can it survive the 2 year lifespan my Kingston 8GB DataTraveler had before it died on me?