Custom Search

Friday, January 29, 2010

IronKey Personal S200.

Wal-Mart.com USA, LLC

fisheye washing machine, originally uploaded by Ikayama.
Appliances at Sears.ca

ArabicChinese (Simplified)Chinese (Traditional)DeutchEspanolFrenchItalianJapaneseKoreanPortugueseRussian

How many hardware manufacturers post YouTube videos showing their products being crushed by trucks or soaked through multiple washing machine cycles? Billed as "the world's most secure flash drive," the IronKey Personal S200 ($79 direct for 1 GB model) is a USB drive that's incredibly tough both physically and cryptographically. It includes an onboard secure anonymous browser as well as with password management that's significantly improved over that offered by the previous IronKey Personal. And it now comes in capacities up to 16 GB ($299 direct).

From the moment you plug it in, the IronKey focuses on security. The key offers a virtual keyboard for keylogger-proof entry of its master password. An indicator turns green when your password is strong enough. The password feeds into an algorithm that generates unique internal keys for encrypting stored files.

Once you've initialized your IronKey, you create an online IronKey account, which is required for getting updates, backing up your password, and using the device's anonymous browsing features. The password for this account needn't be the same as the device's own password, since one account can track multiple IronKeys.

From an unlocked IronKey, a single click opens the online account; logging in without the IronKey is a more complex process. After you enter your username, the site displays a picture you have previously selected. A fraudulent site won't have that picture, so don't enter your password until you see the right picture. This two-step process authenticates you to the site and authenticates the site to you; nice!

Hardy Hardware

As with the previous S100 model, the IronKey is physically tough. Metal shielding protects its internal electronics and an epoxy filling keeps the outer metal shell from being crushed. According to IronKey the device has been tested up to 40,000 feet in the air and 20 feet underwater. It resists impact damage and can take 16 G's of sustained force. Each IronKey has a unique serial number and a spot to engrave your name. Not every element of the Army's standard for toughness (MIL-STD-810F) applies, but IronKey meets all those that are relevant.

As a bonus, the flash memory used for data storage is "high-quality SLC NAND flash in dual channels" that's faster and longer-lasting than what's used in most flash drives. In a quick test, I found that Windows reported a file-copy speed almost four times better than that of a handful of other flash drives I tried.

As for cryptographic toughness, the IronKey S100 passed Level 2 certification in the Cryptographic Module Validation Program, as defined by the Federal Information Processing Standard (FIPS 140-2 Level 2). The S200 goes a step further, attaining FIPS 140-2 Level 3. Briefly, that means the product is both tamper-proof and tamper-evident (people likely won't be able to tamper with it, and you'll know they tried). Its internal cryptography chip includes a true random number generator and serves as storage for the AES encryption keys generated during initialization. This extremely secure memory also has room to store a private encryption key.

If the bad guys get hold of your IronKey there's not much they can do with it. Physically removing the electronic parts will destroy them, and if they try ten wrong passwords in a row the device will quietly and permanently self-destruct.--Next: Secure File Storage

Secure File Storage

An unlocked IronKey shows up in Windows Explorer as two drives, IronKey Unlocker and IronKey Secure Files. Putting files into secure storage is as simple as dragging them to the Secure Files drive. For total protection, you'll want to shred the unsecured original using a secure deletion utility.

IronKey doesn't come with a shred utility, but its ability to incorporate portable applications means you can add your own. Here "portable" means an app that requires no installation and doesn't use the host computer's Registry. Just search the Web for a free portable shred utility. Copy it to the IronKey, then right-click in the Applications area of the control panel and add it. Presto! You have a portable file shredder on your IronKey.

New in this edition is an option to unlock the secure files in read-only mode. That way even if you're using a dubious computer in a shady internet cafe you can be sure nothing malicious can sleaze onto the IronKey. Do note that you must actively lock the drive before unplugging--"Safely Remove Hardware" isn't sufficient.

Of course, if you move all your important files to the IronKey and then lose the darn thing you're in trouble--but maybe not too much. The built-in secure backup function can make an encrypted local copy of the device's entire contents. So you can restore the backup to a new IronKey if your existing one gets lost or stolen.

Secure Anonymous Browsing

The IronKey control panel links to a modified copy of Firefox that resides on the device itself. All temporary files, cookies, history, and so on also stay on the IronKey, so you can use this browser on a "foreign" system without leaving traces behind. You may find IronKey's browser balked by a firewall or other security software on that foreign system, though, especially if you only have Guest access.

For a second level of browsing safety click the icon at bottom right to enable a secure session. Now all of your traffic is routed through an ever-changing collection of servers using the TOR (The Onion Router) protocol. Web sites see the IP address of whichever server is active while your own address is concealed. The public TOR network relies on volunteers for its servers, so it could conceivably be compromised; IronKey's TOR network uses only servers controlled by IronKey.

All this packet-hopping noticeably slows browsing and occasionally generates spurious "not found" errors. In addition, sites like Google that automatically adjust for your locale will do so for the anonymous server's location, not yours. Fancy using Google in Greek, or Dutch? Fortunately, you can turn the secure sessions feature off with a quick click when not needed.--Next: Improved Password Management

Improved Password Management

The identity manager feature is a big step up from the S100's password manager. It's much more powerful and flexible. For now, it lacks the general-purpose form-filling capacity of its predecessor, as IronKey is still working on upgrading that component. But form-filling isn't nearly as central to security as password management.

When you log into a secure site using Internet Explorer or the onboard Firefox, identity manager pops up and offers to save your credentials. Like LastPass 1.5, IronKey lets you save in a specific folder, but, unlike LastPass, IronKey doesn't let you create that folder on the spot.

Next time you visit the site, identity manager fills in your credentials for you. Better yet, click the new IronKey icon in your browser's title bar and choose the site from the menu that appears. This will both navigate to the site and log you on.

Some sites use non-standard fields for login. Clicking the Advanced Add button brings up a multi-tabbed dialog that lets you add any fields found on the page and identify them as username and password. Another tab lets you define whether the login applies to the entire domain, the subdomain (if any), or just the current page--that helps when you hit one of the multi-page logins popular with bank sites. I found that identity manager handled every site I threw at it, even some with really odd login systems.

Identity manager can now import login credentials stored in Internet Explorer and Firefox. In addition it will import data from RoboForm Pro 6.0 and KeePass Password Safe. There's no import option for LastPass, but I found that in Internet Explorer identity manager would happily capture information that was automatically entered by LastPass. Identity manager can also manage passwords for e-mail clients and other non-browser applications that require login.

In the main identity manager window you can create folders and easily organize your logins using drag and drop--the folder structure becomes the menu structure for the titlebar menu. Password generation is much improved, with options that will let it match the password policy for any web site. Like LastPass and RoboForm it can even avoid easily confused characters like zero and capital O.

Here's an exciting new feature. Many Web sites, including eBay, PayPal, and GEICO, support Verisign Identity Protection. This feature requires the use of a one-time password at each login, generated by a security token you carry around. Your IronKey will not only act as the password-generating token, it will also fill in the one-time password for you. If you see the Verisign VIP icon on a Web site, enabling this feature will give that account two-factor protection.

IronKey is still the only USB drive that I'd run over with a tractor. It's secure enough for government black ops, and for us non-spooks the improved password management is a real boon. I haven't come across any secure USB drive that's nearly as tough as IronKey.

More Security Product Reviews:

Source Citation
"IronKey Personal S200." PC Magazine Online 3 Dec. 2009. Academic OneFile. Web. 29 Jan. 2010. .


Gale Document Number:A213516272

*****468x60 Spring/Summer 09Personalized MY M&M'S® Candies HomeCenter.com: Save on all Products!Shop home appliances at Rainbow ApplianceBBB Reliability Program Member(Web-Page) http://dryer.vent.cleaner2008.googlepages.com
(Album / Profile) http://www.facebook.com/album.php?aid=10030&id=1661531726&l=6a081800d6Shop the Official Coca-Cola Store!
ArabicChinese (Simplified)Chinese (Traditional)DeutchEspanolFrenchItalianJapaneseKoreanPortugueseRussian

No comments: