Keeping tabs on your Apple Gear… Orbicule Undercover

Since the beginning of the year I have jumped on the Apple bandwagon, and acquired a few of their lovely products. I like the look of them, I like how they work, but I am not the biggest fan of the cost :) However, it obviously hasn’t stopped me becoming a fan. So with cost in mind, one thing that is of course a worry is losing my MacBook Pro, iPhone or other bit of kit. I looked at the Mobile Me offering, but I didn’t fancy paying Apple for more services, when I only wanted one feature. This is when I stumbled across Orbicle’s Undercover, its tracking software for Mac OSX and iOS (iPhone, iPod Touch, iPad). I contacted the guys in Belgium and they were kind enough to let me have a copy to review, so here we go.

I started off with the iPhone. As per usual you need to pop into the App Store, locate Undercover (a quick search soon takes you there) purchase and install. The first thing you will notice at this stage is the cost $4.99 (£3.37) that’s a good way to get started. Once you have installed the App you have to enter an email address that you will register the phone to, and an appropriate name for the device, you will then get a notification to expect an email to setup your Undercover account, you need this for device tracking, and to log into the web console.

Now we check the email and as promised, we have some verification to take care of.

Once we are all signed up we can login to the Undercover Web portal and manage our devices.

Once we are logged in we can instantly see where the iPhone is reported (using Wi-Fi positioning ,GPRS, or  GSM Cell) to be (as the programming is running on the iPhone). We can get information on the iPhone (serial number, etc), we can then report it lost or stolen, and fill out police information, so we can create a nice bundled report to send to the police.

If we decide to do a test and decide our beloved iPhone is lost or stolen, we then have the ability to push an alert to the device.

We can configure our own message, and even force the phone to go to a specific website. Once we press send, just moments later we get the alert on the phone.

When the user goes and views this message, then a little game starts loading. In the background this is launching the Undercover App and sending the co-0rdinates. Personally I am not sure if there is value in this loading splash screen, perhaps it could do with being more stealthy and launch the app in the background. However I appreciate they want to ensure some time elapses whilst the information is sent.

So now as seen earlier when we log into the Undercover Dashboard we can see the co-ordinates, and it will continue to update its location whilst the application is running.

When the device has successfully sent it’s co-ordinates it sends you an email to confirm the device has been located.

Now we have finished playing with this we need to set our device as found.

So there we have the iPhone version, does a decent job of helping you find your lost or stolen device, although I would say the only negative is the requirement for device interaction (thief needs to read the notification), I am not sure if other offerings are fully automated. This solution also works on the iPod Touch and iPad.

So next we have the Mac OSX version, and I have to say I like this alot.

So as you would expect we need to install the application on our Mac, its just under 13Mb so not very big. Once the install has completed the machine will need to be rebooted to get Undercover up and running in the background. It will transfer its position again using the Skyhook Wireless Technology to give its position to around 10 meters.

So as we have seen before we need to log into our Undercover dashboard and add and manage our new device.

Now this time, when we mark our MBP as stolen, as default everything happens in a more stealthy fashion. As expected we get the map location we saw with our iPhone, but we also get details of IP address, we can then lookup the ISP being used, and other funky IP related antics.

We can also get screenshots of what is being looked at at the time the information was collected.

Then for the next trick, if the device is camera enabled, we can literally get a mug shot of the criminal using our device.

So now we can download all this information into a nice little bundle and send it off to our friendly law enforcement people, to recovery it for us :) Its ok, there is a Plan B.

When we enter plan B mode we can move away from the stealth approach and fade the screen away so its very difficult to use, or we can simply blank the screen and have a customised message displayed on screen, making the machine unusable until restored, or formatted.

When this message is displayed, the computer also gives a little cry out for help via the speakers. Something along the lines of “Help, Help, Help, I am a stolen Macintosh Computer, please return me to my owner”

So on the whole I think this is a great product, and even more so as the price is so reasonable. For more information please check out the Orbicule site, and see some more information below on pricing etc.

Undercover Mac

Single User License £30.92 – Covers 1 Mac
Household License £37.23 – Covers up to 5 Macs
Site License £157.13 – Covers up to 25 Macs
Student License £24.61 – Proof of full-time student status will be required
Upgrade to Household £10.10 – Upgrades from a single user to a household license
Volume Education License £6.30 – When ordering 100 copies or more

Undercover iPhone / iPad

Covers all your iPhones and iPads £3.36

We take a look at Elcomsoft iPhone Password Breaker… Its Good

Elcomsoft are a Russian based software company, who make excellent security and audit products. Perhaps the name doesn’t ring a bell, but I am sure if you look at their product offerings you will be more than familiar with their products.

I first heard about Elcomsoft around 2002 I think it was when I needed to do some password recovery for some Office documents, and a colleague had a copy and it did its magic and we had a happy user. Ever since then I have kept the site bookmarked and keep a check on it every now and again.

Fast forward to 2010 and I find myself looking at iPhones and their suitability for use in the corporate world, and then I hear again about Elcomsoft releasing an iPhone Password Breaker (EPPB). So here we are, reviewing this product, and seeing just how it works and if it does what it says on the tin.

At the time of writing the professional version is advertised at £199 and the home version at £79. To see the difference between the version, please see the end of the review, or click here to visit the Elcomsoft site.

Thanks to the guys at Elcomsoft for letting me have a copy to review, and for helping resolving any issues I came across on the way.

So first things first, the EPPB requires a Windows Platform, so I fired up an XP SP3 VM, and a physical W7 box to do some GPU based testing.

Once its installed we need to get hold of our encrypted iPhone backup. So the main file we are looking for is the Manifest.plist file, however if you will want to look at the keychain info you will want the complete contents of the appropriate folder.

When iTunes takes a backup of your iPhone it will include your settings files, from the preferences library, and databases, such as your calls, notes, bookmarks, password etc.

So if your on a Mac you need to look here > /Library/Application Support/MobileSync/Backup
On a PC you need to look here > Documents & Settings\\Application Data\Apple Computer\MobileSync\Backup or Users\\AppData\Roaming\Apple Computer\MobileSync\Backup

So once you have located your encrypted backup its time to fire up the password breaker and point it at the file in question. You will see the details of the device once you have selected it. We can see in this example the backup is that of an iPhone 4.

Now we have our file selected, lets make sure we are using the right hardware. So now we can enable / disable our CPU and GPU options.

So now the hardware is selected, we are almost ready to get cracking :) Now we just need to decide how we are going to go about it. We can use dictionary based attacks and supply files with the information (although it does come with some) or we can configure some brute force settings.

So now we are all configured, and lets face it, its all easy and straight forward. Now we kick off the cracking and watch the speed.

In the image below I am using a dual core Intel 3Ghz processor and a ATI Radeon 5880. As you can see its 15,108 passwords a second, not to shabby at all. My quickest crack was a 7 character dictionary password that was popped in 2.33 secs, GPU for the win. I also tried just a 64Bit Athlon 3Ghz on its own, and it only did 102 passwords a second, I also tried a 2.8Ghz Dual Core Intel in a VM and saw about 300 passwords a second, I then finally tried a cheaper GPU, a NVIDIA 8800 GTX and this provided the power to crunch 3,804 passwords a second.

So now we have the password for this backup. We can now open the file in iTunes and complete a restore if we had forgotten the password. Or we can launch the keychain explorer and have a look at the information stored within the backup from the iPhone, as well as exporting the contents to an XML file.

Obviously I have sanitised the screen shot as it contains information I dont want to share, but you are going to see details of services used, usernames and passwords, access point information and access passwords, phone numbers and more.

So you may be thinking this is all good, but why is this tool of interest to me. Well first of all, as I have mentioned before many organisations are looking at, and are deploying iPhones. Out of the box they are not an enterprise ready tool and require 3rd party enterprise tools. So you get a call from you user, the iPhone needs restoring, they dont want to lose their information so they want to restore from the backup. Fine, however they have forgotten their password. So now you have an option to recover with this tool.

Next is the addition of gathering this information as part of a penetration test, or even a social engineering engagement. Obviously you need to get the files off the users machine, not the iPhone itself. I don’t need to tell you guys the ways this is possible. If your feeling really lazy, you may want to check file sharing networks, people share all sorts.

If you are a file sharing network user, please check you are not sharing your entire hard disk, and if you are…. STOP IT.

To conclude I think this is a tool worth having if your organisation is offering the use of iPhones, and it also has a place in your pentesting toolkit. For more information check out Elcomsofts website, and read below for some more information on the tool itself.

Elcomsoft iPhone Password Breaker enables forensic access to password-protected backups for iPhone, iPhone 3G, iPhone 3GS, iPhone 4, iPad, and iPod Touch 1st, 2nd, and 3rd Gen devices. Featuring the company’s patent-pending GPU acceleration technology, Elcomsoft iPhone Password Breaker is the first GPU-accelerated iPhone/iPod password recovery tool on the market. The new tool recovers the original plain-text password that protects encrypted backups containing address books, call logs, SMS archives, calendars, camera snapshots, voice mail and email account settings, applications, Web browsing history and cache. The program is also able to read and decrypt keychains (saved passwords to mail accounts, web sites and 3rd party applications) from password-protected backups (if password is known or recovered).

  • Gain access to information stored in password-protected iPhone and iPod Touch backups
  • Recover the original plain-text password
  • Read and decrypt keychain data (email account passwords, Wi-Fi passwords, and passwords you enter into websites and some other applications)
  • Save time with cost-efficient GPU acceleration when one or several ATI or NVIDIA video cards are installed
  • Hardware acceleration on Tableau TACC1441 hardware
  • Perform advanced dictionary attacks with highly customizable permutations
  • Perform offline attacks without Apple iTunes installed
  • Recover passwords to backups for original and ‘jailbroken’ iPhone, iPhone 3G, iPhone 3GS, iPhone 4, iPad, and iPod Touch 1st, 2nd, and 3rd Gen devices
  • Compatible with all versions of iTunes (incl. 10.0) and iOS (3 and 4, incl. 4.1)

Elcomsoft iPhone Password Breaker supports Windows XP, Windows Server 2003, Windows Server 2008, Windows Vista or Windows 7 with x32 and x64 architectures. Password-protected backups to iPhone, iPhone 3G, iPhone 3GS, iPhone 4, iPad, and iPod Touch 1st, 2nd, and 3rd Gen devices are supported.

Review of the 3M Gold Privacy Filter

At Infosecurity Europe 2010 I got talking to the 3M guys about their new Gold Privacy Filter, and those lovely chaps gave me one to have a look at.

  • 3M Gold Privacy Filters provide twice the level of effective privacy protection and 14% higher clarity than standard black out privacy filters
  • User sees more clearly than ever while onlookers see nothing but a vibrant orange/golden screen

So why would you want a privacy filter?? Well if your a regular traveller and you don’t want the person next to you having a good peep whilst playing minesweeper, this will certainly help. Oh and of course those documents you work on containing sensitive data. It essentially just gives you some screen privacy and stops the shoulder surfers getting a look see.

There is not really alot to say, and I will let the below video demo do the talking. It does what is says on the tin, its easy to install and can be left in place 100% of the time. I will certainly be using this when travelling in the future. I do have one gripe with the product, but its most likely a personal thing. I have a matte screen, as reflections drive me mad, with the privacy filter in place, its glossy reflection city, and as its not something I am used to any more I couldn’t leave it on every day. I believe the previous version had gloss and matte sites, but this one seems the same both sides, still it does what it needs to do well, and serves its purpose, perhaps they mate release a matte version in the future.

Social Engineer Toolkit – Website Attack How To

You are hopefully familiar with the Social Engineer Website, if not then your missing out to go visit.

They have put together excellent information on the art of social engineering, and have formed an awesome framework with input from many great people. I am sure alot of people have read it, as I have heard people in the industry talking about it, but I dont often hear people talk about the Social Engineering Tools.

In particular I am talking about SET (Social Engineer Toolkit).

The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. Currently SET has two main methods of attack, one is utilizing Metasploit[1] payloads and Java-based attacks by setting up a malicious website that ultimately delivers your payload. The second method is through file-format bugs and e-mail phishing. The second method supports your own open-mail relay, a customized sendmail open-relay, or Gmail integration to deliver your payloads through e-mail. The goal of SET is to bring awareness to the often forgotten attack vector of social-engineering.

I have heard good things about the tool, and ReL1K (David Kennedy) has done a cracking job of putting a nice tool together.

So if your running a Linux distro and you want the tool, you can get it by simply fetching it “svn co http://svn.thepentest.com/social_engineering_toolkit“. For this basic demo I am using Backtrack 4 Final, so its already good to go. SET has various options, and can be configured in various ways. If this post is popular I will put something together to show this. However this post is just to demonstrate a basic function, and to show how well it works, and how simple it is to use, so that others are encouraged to give it a try.

So this is the situation. We are going to replicate a website, in this case I am going to use Twitter as an example, we then will use some social engineering techniques (not demonstrated) to encourage our target to visit a site / ip we have setup, and then we are done. There is spear phishing capabilities in the SET which will obviously provide a more automated attack vector, but for this demo we will assume its done manually, or verbally influenced / encouraged.

So we are in our chosen Linux distro, connected to the Internet / Network, and we make sure we have an IP address assigned. I am demonstrating this in my virtual lab with a BT4 Final Box and XP Sp3. I have also tested this same method on a physical BT4 box and a W7 box, with the same results.

So I assign an IP via DHCP.

Then we navigate to our folder that SET is installed to. In my case its /pentest/exploit/SET/

Next its always good practice to make sure everything is up to date. ReL1K is an updating machine, so it pays to check :) So we simply type ./update_set and its confirmed I am good to go. You can also update within the SET tool, and as metasploit is also used here, its worth making sure you are all up to date there also.

Now its time to get down to business and kick of SET. We simply type ./set and away she goes.

As we can see SET has a few options at its disposal. We are going to take a look at the Website Attack Vectors, so we want option 2.

Again more options are available. Because we are lazy we will let SET do the hard work and clone and setup a fake website. So again option 2.

We now need to select our attack vector. I know my lab machines are fully patched, so a browser exploit will most likely not be successful. So we go with option 1 and a Java Applet Attack method. Then remember we said we shall clone Twitter, so we input www.twitter.com also.

Its now time to get our payload selected. I am a fan of reverse TCP meterpreter, so time for option 2 again.

Now we have the fun of encoding our payload to bypass AV. Shikata ga nai is an excellent encoder, but now with have the multi encoding option, I have found in my tests it can be more successful at bypassing the AV. So you guessed it, option 15 please :) We will also need to define our listener port, so we will go within something creative. 4321

The encoding mojo does its thing.

We are asked if we want to create a Linux / OSX payload, but we dont need this here. So no thanks. The tool then goes ahead and sets up our fake site, and gets our listener up and running.

So now we have cloned a site, defined a payload, encoded it for AV bypassing and setup a web server for our cloned site. Simple huh. So now we are ready and waiting. So now we just need someone to go to our cloned site.

So I convince myself :) It would be a good idea to go to Twitter on a strange IP.
So we enter the IP of our SET hosting machine, and oh look its Twitter. Damn I need to install some Java stuff (I believe this can be customised for a better convincer, remember we are doing basics here :) It involves some more work and configuration.)

So we say yes, and assuming the AV bypass does its thing, we can see a session is created, and we are directed to the real Twitter site.

We connect to our session, and voila we have shell. The games begin.

So there we have it,  a doddle right. A great job has been done on this tool to make it effective and childsplay to use. I think it has a place as part of a pentest engagement, but also an effective awareness tool in anyones organisation to demonstrate how these things happen in reality.

It is of course worth mentioning, that not all AV’s can be bypassed by all encoded payloads. In my testing I found that I was able to bypass Avast, but Microsoft Security Essentials was picking this attack up. I didn’t mess about to much with different encoding variations, but you get the idea.

To demonstrate this to hopefully some better effect, I uploaded the file to Virus Total for analysis and you can see the results below. Less than half of the AV’s used can make the detection.

File java.exe received on 2010.03.02 20:51:30 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.02 Trojan.Win32.Rozena!IK
AhnLab-V3 5.0.0.2 2010.03.02 -
AntiVir 8.2.1.180 2010.03.02 -
Antiy-AVL 2.0.3.7 2010.03.02 -
Authentium 5.2.0.5 2010.03.02 W32/Rozena.A.gen!Eldorado
Avast 4.8.1351.0 2010.03.02 -
Avast5 5.0.332.0 2010.03.02 -
AVG 9.0.0.730 2010.03.02 -
BitDefender 7.2 2010.03.02 Gen:Trojan.Heur.TP.cqW@bG50SGgi
CAT-QuickHeal 10.00 2010.03.02 -
ClamAV 0.96.0.0-git 2010.03.02 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.02 Trojan.Packed.447
eSafe 7.0.17.0 2010.03.02 -
eTrust-Vet 35.2.7335 2010.03.02 -
F-Prot 4.5.1.85 2010.03.02 W32/Rozena.A.gen!Eldorado
F-Secure 9.0.15370.0 2010.03.02 Gen:Trojan.Heur.TP.cqW@bG50SGgi
Fortinet 4.0.14.0 2010.02.28 -
GData 19 2010.03.02 Gen:Trojan.Heur.TP.cqW@bG50SGgi
Ikarus T3.1.1.80.0 2010.03.02 Trojan.Win32.Rozena
Jiangmin 13.0.900 2010.03.02 -
K7AntiVirus 7.10.987 2010.03.02 -
Kaspersky 7.0.0.125 2010.03.02 -
McAfee 5908 2010.03.02 Downloader-CCK
McAfee+Artemis 5908 2010.03.02 Downloader-CCK
McAfee-GW-Edition 6.8.5 2010.03.02 Heuristic.LooksLike.Trojan.Rozena.H
Microsoft 1.5502 2010.03.02 Trojan:Win32/Swrort.A
NOD32 4910 2010.03.02 a variant of Win32/Rozena.AB
Norman 6.04.08 2010.03.02 -
nProtect 2009.1.8.0 2010.03.02 -
Panda 10.0.2.2 2010.03.02 -
PCTools 7.0.3.5 2010.03.02 -
Prevx 3.0 2010.03.02 -
Rising 22.37.01.04 2010.03.02 -
Sophos 4.50.0 2010.03.02 -
Sunbelt 5729 2010.03.02 -
Symantec 20091.2.0.41 2010.03.02 Suspicious.Insight
TheHacker 6.5.1.7.218 2010.03.02 -
TrendMicro 9.120.0.1004 2010.03.02 -
VBA32 3.12.12.2 2010.03.02 -
ViRobot 2010.3.2.2208 2010.03.02 -
VirusBuster 5.0.27.0 2010.03.02 -

DESlock+ Enterprise Review

Last year (2009) I got a call about reviewing a Full Disk Encryption product called DESlock+. I had not heard of the product, so a quick search later and more information was revealed. As encryption is an import consideration for users at home and within an organisation, and I had been looking at a few vendors for my day job I thought it would be some time well spent, and may be of use to some of you guys.

DESlock+ Enterprise is the product I am going to be look at, and its made by a company called DES. DES were founded in 1985, and the companies systems and methods originated within the British Government Communications Headquarters. The original users of DES products were government based, but over time have spread into other sectors. Over the past twelve years DES has also marketed the DESkey and DESlock range of software protection products. With an estimated 500,000 units in use throughout the world to date, sales of the DESkey continue to grow.

  • Full Disk Encryption
  • Removable Media Encryption
  • Encrypt Email, folders and files
  • Multiple encryption keys stored in a keyfile
  • AES, 3DES, Blowfish Algorithms
  • Encrypted mountable files
  • Secure data shredder
  • Keyfile backup utility
  • Scalable centralised licence and key management
  • Remote keyfile distribution
  • Software feature policy control
  • Includes DESkey USB manager tokens

When reviewing encryption products its can often be a difficult task. Lets face it the most important thing an encryption product can do is encrypt, if it doesn’t do that then we are in a pretty bad situation. So you will be happy to hear DESlock+ does encrypt and it works in a no nonsense way so with that in mind we are off to an excellent start.

To speed up my review Jamie Gordon (excellent guy) sent me a Windows 7 Virtual Machine with the DESlock product pre-installed, as like everyone getting the time to have a look at a product can be difficult. So the starting situation is essentially this. We have a Windows 7 client machine that has DESlock+ installed, and connecting back to DES HQ. The client gets its policy applied when we start up and authenticate for the first time, and we have various options available to us, but the Full Disk encryption has not yet been applied, our friend Jamie takes care of that for us remotely later.

I have a hell of alot of screenshot, about 120 or so, obviously I don’t want to post all of these, so as part of this review I will give an overview of whats going on, various configuration and functional options. I can tell you now the best thing for me about DESlock+ is it does what it says on the tin, with no fuss, and you don’t need to be a rocket scientist to configure your policy and get it up and running. I will basically show the shredder options, encrypting individual files, removable media and of course full disk encryption.

So to get things started we boot up our VM. Its important to remember that normally in an enterprise environment you would normally be logging onto a domain, however in this example this is not the case. So any credentials are not resolved from my domain credentials, its needs to be done manually. So I need to authenticate myself with the DESlock+ Enterprise Server using a one time password to get things started.

Once authenticated we need to change the password.

So now we are presented with the Desktop to go about our daily duties. Its worth noting we have the features of DESlock+ available to us now, but we have not yet had our hard disk encrypted.

So everything looks as normal, although we have the DESlock+ Shredder, and a couple of new icons in the task bar.

I will add a picture montage at the end of this review that shows various screen shots, so if you want to know what happens when you look further at these properties you can check them out.

So lets see what happens when I plug in a USB stick (A Dell branded 64Mb in this case). DESlock+ detects the USB device and prompts to do its thing.

So lets kick off the removable device encryption.

Encryption Completed.

Once the drive was encrypted a put a couple of files on there, ejected the drive and tried the stick on a windows machine, linux and Mac. All found the drive to be unreadable, so no chance at getting at that data. So good stuff.

So next I decided to decrypt the drive, and then try just encrypting a single file.

So now we create a file, and right click for our encryption options.

Once the file is encrypted the remainder of the stick was still usable, but as expected the encrypted file is not accessible. Obviously files can be encrypted like this locally, as well as on removable media. This allows for some versatile application, whilst ensuring control and protection over your data.

Of course for that little bit of additional protection its a good idea to securely erase files when your done with them, and this brings us along to the DESlock+ Shredder. You can choose how many passes you want to make when erasing the data, and choose between two methods.

So we know we can encrypt our files as needed, and we can securely erase them also. So the next thing to get sorted is obviously full disk encryption.

There is an option to encrypt using a local wizard, and an activation code you get from the administrator. I did have a look at this option as the screen shots below show. However I decided to go the remote route as this is an enterprise offering, and see how it works from the admin console.

As you can see above. If we had an authorisation code from our admin, we could kick off the full disk encryption ourselves.

So now lets take a brief look at what we see as an administrator from the DESlock+ Enterprise console.

Once we are in the admin console we have access to the various configuration options. We have the ability manage both DESlock vouchers (these control what you can or cant do based on what you have purchased) and users of the system. From a day to day perspective this is probably where you will spend time verifying what accounts are created, active machines and so forth when your first getting set up. Then there is the profiles section, this does what it says on the tin. It allows the for creation, modification and assigning of encryption profiles. Next is the Enterprise server section, this shows the user details and associated machine, when they last connected, keyfiles in use etc. The full disk encryption section is fairly obvious, this where you manage the FDE of machines in your environment. We then have the encryption keys section, this is a useful section as you can create multiple encryption keys for different parts of your organisation, to give extra levels of control. Finally the install admin section, this pulls various information together to form a registry key that is applied as part of the product install on client machines.

I viewed this section remotely with the DES guys, so I didn’t have time to have a proper play myself, but I did take some snapshots that you can see towards the end of the review.

So whilst viewing remotely, Jamie kicked off my remote encryption of my VM machine. It worked a charm with no fuss. My machine connected with the remote server, downloaded configuration updates, and then started encrypting. I even rebooted mid encryption as a test and it resumed once logged in.

So here are a couple of snaps to show what’s going on at the client end.

Now lets reboot.

Job Done :)

Wrap up and thoughts….

So we have gone through the motions, seen some screen shots, but is it actually any good. Personally yes I think it is. For me when it comes to encryption products it can be a difficult evaluation process, because lets face it if its encrypting our data in a secure method its ticking the box. I think what makes DESlock+ a good product is that its simple. I don’t mean that in a negative way at all, the product does what it says on the tin. It encrypts files, removable media, full disk encryption as well as emails and other bits and bobs I was not able to spend time in testing, and it does it in a professional no fuss approach. The menus and clear and simple to understand, policy configuration is easy and flexible, I like the fact you can use different encryption keys in different parts of the business, and for different users, this gives an extra level of access control. I like how easy it is to revoke access to encrypted files and devices in the event of loss, and I like the challenge response stuff for when people forget passwords and I like the secure deletion with the shredder.

I would certainly make organisations (especially SME’s) I work with aware of DESlock+ as well considering their similar home offering to family and friends who just want to encrypt files and don’t need FDE. However as with everything I had a few gripes with the product whilst reviewing. Its great that you can encrypt removable media, but its abit frustrating you cant share the content with non DESlock+ customers (they now have an offering for this coming soon), and I have seen some other products that allow custom configuration messages for users screens, this isn’t a major one for me but its a bonus sometimes. Lastly its my understanding that the product itself does not support distribution across the organisation, so you need to utilise some other tooling to package up and distribute DESlock+. None of this stops me thinking its a good tool, just sharing my thoughts. It is also worth noting the DESlock+ products only work on W2K upwards, so no support for Linux and OSX.

Since I have completed the review DESlock+ has been FIPS 140-2 validated, so congratulations and well done to the guys on that achievement. They have also made a product available called DESlock Reader which will allow non DES customers to decrypt emails, and files that have been encrypted with DESlock+ (obviously you will need to know a pre shared password to decrypt), this something that can be enabled or disabled at a policy level if you don’t want everyone having the ability to potentially share data outside the organisation. Another product is in the pipeline that should be out later this month, and this is DESlock+ Go. This product is all about encrypting removable media to share with 3rd parties in a secure manner. The 3rd party doesn’t need to install any software, it all runs from the encrypted package, and if its writable media such as a USB device, the 3rd party can even write data back to the device to share securely back with the original DES user. Finally they also have an MSI configuration in the pipeline that I think will help with the installation and distribution of the product, especially in larger enterprises.

For pricing your best of contacting DES yourself, but its my understanding the Home versions are about £45, which just provides secure file encryption (not FDE). Business Desktop licences start at around £75 for small numbers of licences and then decrease in cost as the number of users increases over 1000, and the Enterprise Server is about £250. Maintenance is also available at additional cost as needed.

Picture Montage


Ironkey S200 Personal Review

I don’t wont to go over to much of what has already been covered by the Enterprise Review from last week. The main focus of this review is to demonstrate that you don’t have to be part of a large organisation to benefit from what the Ironkey has to offer, as the personal versions are great to. As I previously said I have been using Ironkeys for a while myself and these are personal devices.

Below will be a brief recap of what the Ironkey Personal is all about and how you go from opening the box, to secure storage and browsing.

Personal Version Specs:
Rugged Metal Casing
Waterproof
Tamper-Resistant
AES 256BIT Hardware Encryption
FIPS Validated 140-2 Level 3
Strong Authentication
Secure Browser / Portable Apps
Secure Password Management
Self Service Password Recovery

So you have just got your hands on your nice new shiny S200 Ironkey personal, you have popped open the nicely designed black box and popped it into your USB slot. The first step is to initialise your key.

Its important to give your Ironkey an appropriate name, so that you can easily identify it in your personal online console, because your going to want more than one at some point. The next one is to obviously select a strong passphrase. It might be AES256 bit encrypted, but using the password “password” isnt going to be that secure.

The part it to read through and accept or reject the T’s and C’s.

Once thats all out of the way the Ironkey will start doing its thing, encryption, configuring and installing.

As with the enterprise version, you need somewhere to keep track of your keys, backup your password for recovery, etc etc. So now you need to create online account, or if like me add your Ironkey to your existing account.


Now your account is setup, Ironkey will send you an email with an activation code. You will need to enter this into your online account, to setup and confirm association with your account and your Ironkey.

Now your good to go. You should find that the Ironkey control panel has also launched, and this gives you access to the various pre-installed application and services. Secure Firefox browser, password managers, update manager and more.



You will also notice there is an option to fill in some Lost and Found information. This is then displayed to anyone who inserts and attempts to activate the Ironkey. They can then contact you to make you aware of how foolish you were to lose your precious key :)

So thats pretty much you good to go. However I will add one thing, that seems to be very unclear when your looking around online. People seem to think for some reason you are unable to install new applications onto your Personal Ironkey. Well of course you can. I will quickly go through how to install Pidgin, and other applications should be the same.

First off head along to Portable Apps, and get yourself a copy of Pidgin.

You then simply install this to the secure files location on your Ironkey. Then from your Ironkey control panel right click on the applications screen and select add application.

Now select the Pidgin Executable in your secure storage location. Then Bob’s your uncle you have Pidgin good to go.

I hope this review was information and helpful to a few of you. For more information on Ironkey and where to buy one check out their website.