Ironkey S200 Enterprise Review

I am probably a little biased, as I have been using a personal Ironkey 1GB S100 for some time now, and have recently got myself an 8GB S200 thanks to Don at The Ethical Hacker Network, so it's clear I think they rock, and in my opinion I really do think they are the best secure USB Pen Drive on the market.

However, I have never had any exposure to their enterprise offering, and with lots of companies now looking to adopt secure portable / removable media I think Ironkey could be a good solution from a device perspective to help with data loss prevention. Ironkey have been kind enough to set me up with a temporary enterprise account, and sent me a couple of enterprise S200 1GB sticks to have a look at how it all hangs together.

Before I get started, if you have never heard of Ironkey, let me just give you a little bit of info on what they are all about, and why in my opinion they are the 007 secure USB stick of choice. Did I mention they look the business too :)

Enterprise Version Specs:

  • Rugged Metal Casing
  • Waterproof
  • Tamper-Resistant
  • AES 256-bit Hardware Encryption
  • FIPS 140-2 Level 3 Validated
  • Strong Authentication
  • RSA SecurID / VeriSign ID Protection
  • Secure Browser / Portable Apps
  • Self Destruction
  • Anti-Malware Protection

So on with the review. First we need an Ironkey Enterprise Account and an Enterprise Ironkey; I was provided with both of these. When you get an Ironkey it comes in a little black box. Once you have opened it up, plugged in the Enterprise Ironkey and run the launcher, you are informed that you need to activate your Ironkey. (*Setup on a Mac)

To progress past this stage you will need an activation code that your Ironkey Enterprise administrator would have set up for you through the console. This will result in you having received an email with your activation code.

So with that in mind we will go to the Enterprise Web Interface and get things set up (policies, preferences and accounts).
First we log in with our Enterprise Account number.

Now, as it's our first login, we need to go through the 10 steps of getting our configuration set up that we are going to apply to all the Ironkeys in our enterprise.

Step 1 – Make sure we are the right man for the job…. Check :)

Step 2 – Now we need to define how many failed password attempts are allowed before the Ironkey self destructs. (Default is 10)
It's important to remember that once destruction occurs, that's it. No undo or try again.

Step 3 – Now we define our password settings, complexity, and recovery settings.

Step 4 – Now we set up the default applications available from the Ironkeys: Firefox, RSA, etc.

Step 5 – It's all about the Lost & Found. We can configure a message that will be seen by anyone who inserts the Ironkey.

Step 6 – Now we set up the Enterprise Administrator Account, with a strong password.

Step 7 – Time for some challenge response info, for when we forget ourselves.

Step 8 – Now to create your secret identification image to ensure you're at the REAL Ironkey admin page.

Step 9 – Creating your backup sys admin account.

Step 10 – Confirming everything is just how you wanted it.

So now we have our admin account set up and our admin Ironkey associated. So let's take a look at what we can do at the web interface. It's important to understand that logging into your management interface requires two-factor authentication, so not only your username and password, but your Ironkey also. If you don't have your Ironkey you just get into the Safe Mode option.

So when we log in with the Ironkey we get all the good stuff: user management, policy creation and alteration, alerts, log information and more. Things are pretty self explanatory, so here is a screen shot montage.

Now we can continue to activate our Ironkey, as we have created an account and associated policy.

Now we set up a name for our Ironkey and a strong passphrase.

The key is then initialised and encrypted.

Then, if the user doesn't already have an online account, they are prompted to create one.

Now the user is good to go, the policy will have been applied, applications made available and secure storage created.

If the user is also an administrator they get access to admin tools from their Ironkey also, allowing them to recover data from other Ironkeys, reauthorise, etc.


Below are also some screen shots of an Ironkey that has been assigned a Silver Bullet Policy, meaning it cannot be used unless it is connected to the Internet for authentication, and a device that has been disabled.

Here is the control panel a user sees on a Mac and PC; no control panel is currently available to Linux users.

It's pretty clear that PC users currently get better perks from the Ironkey, but regardless of the platform you're getting some awesome secure storage. I am really impressed with the simple yet appropriate level of control the Ironkey Enterprise solution gives, and I don't think I would hesitate to recommend this to a customer. I will say that I had one device get stuck in some sort of authentication loop, but Ironkey support were extremely helpful, and the few things we tried didn’t work so they sent out a replacement by Fedex.
Ironkey also offer pretty much the same offering but for personal users, and I will be putting up a similar mini review of this offering later in the month.

For more information on the Ironkey offerings, and to locate your local reseller visit the Ironkey website.

I will leave you with a short video clip I made, testing the waterproof theory of the Ironkey S200.

Waterproof Testing

Happy New Year – 2010 Security Crystal Ball

Happy New Year to everyone, and all the best to all of you and your families in 2010. 2009 has been a busy year of ups and downs in the Infosec community and I am sure we will all have more fun and frolics as we roll into 2010.

With this in mind I thought I would share some predictions for 2010 as I look into my Security Crystal Ball :) It's all very Mystic Meg I know…

  • The buzz that is cloud security will continue to grow, and as more organisations look to realise the possible savings we find out how some of the early adopters didn’t do security right.
  • Increased focus on compliance and regulation. Organisations failing to meet PCI DSS compliance to be met with stricter penalties; I think we are going to see more action, less talk. The Information Commissioner and his team are going to be more proactive with identifying organisations not meeting their data protection obligations. Finally, the FSA’s new task force are going to uncover more insecure goings on in the financial institutions as they start lifting the carpets to find what's been swept under there for years.
  • With increasing threats from various governments to impose restrictions on Internet access, and deep packet inspection, the growth in knowledge and usage of darknets will increase.
  • Continued adoption of full disk, endpoint encryption technologies and data loss prevention solutions as organisations attempt to get more control of their data and where it flows.
  • Increased disclosure laws in Europe. I have said this before but I think as the consumer becomes more aware about the regulations that exist, pressure is going to come to have a better understanding of breaches and data loss, similar to what exists in the US.
  • People will continue to do things insecurely, so called hackers will break things, get caught and claim some form of illness, the fairies made me do it.
  • Increased security awareness around the use and adoption of social networking sites. This may lead to more organisations restricting the usage, and hopefully increased consumer awareness to share less information.
  • Windows 7 to be bashed about an increasing number of found security vulnerabilities, and the time taken to patch.
  • Increasing PDF related security issues and Adobe fail. Exploit writers will become more creative and not rely on the simple Java stuff.
  • A slight growth in awareness of security threats to mobile platforms. I don’t think we are going to suddenly see loads of exploits targeted at mobiles as I still don’t think the value is there, but there will be some more talk and research as we continue to rely and do more whilst mobile.
  • More exploits targeting virtualised environments. I think there is going to be a greater push for virtualisation in 2010, Google's OS is a perfect example, so researchers will start looking at this more.

So basically a lot of the same really :) I am sure I could think of more, but it's all just guessing really, no one really knows for sure.

What does 2010 hold for me, well……. I am looking forward to some great interviews we have coming up on the Eurotrash Security Podcast, I will also hopefully be setting up a couple of UK based Security Bloggers Meet Ups in 2010, and I also hopefully have some reviews of the IronKey S200 Personal and Enterprise coming in Jan, along with DESLock.

I am hoping for a year of more Infosec challenges and learning opportunities to fuel my passion for the industry. Also, time and funds available, I am looking forward to seeing more of my Infosec buddies and conferences, and meeting new people also. Oh and I also still need to work out how to use my new Mac properly, it's a learning curve :)

So all the best to all of you, and I hope 2010 brings you more ups than downs.

Dale

Eurotrash Security and Exotic Liability Podcast Mash Up

Merry Christmas everyone. Check out the Eurotrash Security and Exotic Liability Christmas podcast special.


The Crimbo edition !

A very special Xmas episode recorded together with the Exotic Liability crew. Chris, Craig, Dale and Wim are joined by Chris and Ryan to discuss what moved the infosec community on both sides of the big pond in 2009 and are looking forward to 2010. One certainty being you will receive more and better Exotic Trash / EuroLiability.

Have a very merry Christmas and may your information not be compromised in 2010.

If you like it, subscribe in iTunes.

Eurotrash Security Podcast – A new European-based podcast, check it out.

eurotrash security podcast

Hopefully you have heard about the new Eurotrash Security Podcast, but if not you have now :)

This is a new security podcast, covering European-based security news and information. There are many great security podcasts out there, but many are US-focused; this is where this podcast plans to be different. Obviously I am biased, as I am one of the hosts, along with Craig Balding, Chris John Riley and Wim Remes.

So what are you waiting for, check out the site and download the podcast NOW.