Discussion in 'hardware' started by Dark Shadow, Dec 5, 2008.

  IronDrew

    I would hope not.

    Improper removal of a USB drive can cause such problems. I know that it is so easy to just yank the device out, and most users don't even know that they should take the extra 10 seconds to properly eject the device.

    I was happy to note no one in that thread mentions using an IronKey...which doesn't mean that we are immune to such things, but we do try to promote the concept of locking your device to users (more than most other USB manufacturers).
  AltRoute

    I am looking into rolling out some IronKeys to store information for about 10 people. What got my attention with the IronKey was the built-in encryption, how indestructible they are (I have a couple clumsy users) and the password function (it's just so final - love it).

    What I am looking to do is to store data on them that will need to be sync'ed with a file server at least once a month ( or whenever it is plugged in).
    The key question is how do I make it idiot proof. There is syncing software out there but I haven't seen any yet that I can invoke an app before it tries to sync. I want the user just to see the password prompt.
    The other issue is how it will sync to a moving target - the drive letter keeps changing.
    If IronKey can do that - I will be sold.

    Hope you can help
  CaixFang

    I'm not going to speak to what the IK guys could do in a custom deployment, because I haven't been down that road, but as I understand it, OOTB, you aren't going to be able to sync automatically with the IK and your central servers. A few things you will have to overcome:

    Autolaunch - IK doesn't provide native autolaunch abilities, for good reason. I can think of some hacks, and some ways to make it, but nothing I would recommend in a business environment.

    As for the actual syncing of files on insert, or unlock, it seems like I have seen this either discussed, or there is a solution out there, but as far as I have seen it's not built into the IK, unless this is something the Enterprise level can facilitate natively.

    As for the drive letters, you can address that with some scripting under Windows. Whatever your autorun (or manual run) process, you either need to fetch the drive letter the IK is mounted on based on the device id, or you need to supplementally mount the IK using that device id. That I have done using some scripts on my drive, but now you are looking at some additional issues when you are doing multiple drives, as you need to know the device id of each to put in your code. Perhaps there are some internal variables that the IK manager uses that you could call to get the drive letter of the IK you are running from to build that code. I believe last time I asked there was not an open SDK for the IK, but that the IK guys would help build solutions as needed. The lettering of the drive is the smallest of the issues I see in this deployment.

    Are the IKs going to only be connected to computers that are on your LAN / VPN, or are you going to expose your fileshare to the internet in some way to allow the IK to sync with the fileserver over any internet connection?

    Either way, how are you going to handle a device plugged into a machine that cannot connect to sync (you mentioned the sync being part of the unlock process, but what if there is no internet, it's down, offline PC, restricted PC, etc.)?

    I think, from my experiences with the IK you should be able to do what you want, really you aren't doing anything that is special based on it being an IK. Basically this could be done on any USB device, you just want the additional benefits of the IK. Other than the autorun, and possibly the drive lettering, IK shouldn't have to provide much to the solution, the big one is the actual sync s/w and the rules on how to govern the device before, during and after a sync, and in the absence of.....
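
    The drive-letter lookup and the "cannot connect" case raised in the post above, as an added example that is not part of the original post or any IronKey tooling. It assumes the volume serial number is used as the per-device identifier, and the serials, share paths and folder names are constructed placeholders.

```powershell
# Added example: hypothetical serials, share and folder names throughout.
# Map each issued drive's volume serial number to that user's server folder.
$Drives = @{
    '1A2B3C4D' = '\\fileserver\sync\alice'   # constructed sample values
    '5E6F7A8B' = '\\fileserver\sync\bob'
}

function Find-IssuedDrive {
    # Return the first mounted volume whose serial is in the table, or $null.
    Get-CimInstance -ClassName Win32_LogicalDisk |
        Where-Object { $_.VolumeSerialNumber -and $Drives.ContainsKey($_.VolumeSerialNumber) } |
        Select-Object -First 1
}

$disk = Find-IssuedDrive
if (-not $disk) {
    Write-Warning 'No issued drive is mounted (locked, or not plugged in).'
    exit 1
}

# DeviceID is the current letter (for example F:), whatever Windows assigned.
$source = Join-Path "$($disk.DeviceID)\" 'Work'
$target = $Drives[$disk.VolumeSerialNumber]

# Offline, restricted or off-LAN machine: skip the sync instead of hanging.
if (-not (Test-Path -LiteralPath $target)) {
    Write-Warning "Cannot reach $target; sync skipped."
    exit 2
}

# /E copies subfolders, /XO skips source files older than the server copy,
# /R:1 /W:1 retries once after one second, /LOG+ appends to a log on the drive.
$log = Join-Path "$($disk.DeviceID)\" 'sync.log'
robocopy $source $target /E /XO /R:1 /W:1 "/LOG+:$log"

# robocopy exit codes below 8 mean nothing failed to copy.
if ($LASTEXITCODE -ge 8) {
    Write-Error "robocopy reported failures (exit code $LASTEXITCODE); see $log"
    exit 3
}
exit 0
```

    The volume serial number changes if a drive is reformatted, so the table has to be updated when a device is reissued.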
  IronDrew

    Nice analysis, CaixFang.

    We do have a SecureBackup function in our devices, but there is no forced or scheduled option (at this time).

    There are other 3rd party offerings that you could use. Toucan is a great, free sync app. It may not be the exact match for what you are looking for, but it is popular amongst our users.

    Also, feel free to post on the IronKey Forum...there may be a user there that has had the same requirement as you, and has already solved this issue.
  CaixFang

    Are there any SDK offerings from IK? There are SO many things I would like to be able to dive deeper into doing with my IK, but with no available development path, and this being just one device the needs don't justify custom development from IK, I don't have many options.

    Now that I finally have a device that I love and can't live without, I'd really like to incorporate some things into my use of the device.

    For what it's worth to anyone thinking about an IK, this USB drive will become such a part of your computing needs, that you won't be able to function without it! I managed to get all the way to the office yesterday without mine and had to turn around and make the hour round trip back to get mine. It really is more than just another flash drive to throw in a drawer or leave in the bottom of your laptop bag....
  IronDrew

    There is no SDK at the moment.

    It is something that we would like to have, eventually.
  CaixFang

    I bite my thumb at you in disgust, sir. :p

    Always with the future offerings.....
  IronDrew

    Yeah, can be slow to release stuff, instead of hurrying to get it out the door to meet a specific date.

    It is very much our preference to do this. :)
  CaixFang

    I know. And the more options for development, the more possibilities for someone to inadvertently compromise the security of the device. Features add complexity, complexity adds security risk.

    I'll hold out for an SDK or developers IK release.

    (Thanks for the email)
  AltRoute

    Thank you CaixFang very much for your prompt and very detailed response. Since it is early in the game with this project you have given me a very solid direction of how I need to proceed.
    As for the sync - I did say automatic but I think I get a bit ahead of myself. :oops: I was going to have the users run it manually from an icon, I was planning to have it log on (password prompt) and then have it sync the files in the background. That would solve the problem of no VPN, internet, office etc... connection.

    Thanks again for your reply

    IronDrew - I am running over to the IronKey forum right now to have a look - thx for the suggestion - it's one of those "why didn't I think of that" ideas o_O
  AltRoute

    Just one other thing - (since I have IronDrew's ear)
    One BIG improvement on the IronKey would be to have the cap connected to the body somehow. Like with a string or a sliding mechanism. I just know I will lose it – I always do... :ouch:
  CaixFang

    That's about my only damn complaint with the IK, is the cap!

    If you need some help, or need to bounce ideas off someone on this project, feel free to shoot me a PM. I don't have all the answers, but I never mind helping ask the questions!
  LockBox

    How does the IK compare to Kingston's latest VAULT series? I know they don't have the onion routing network, but I'm really thinking of hardware and encryption methodology.
  CaixFang

    They don't. The IK is in a class of its own, that to my knowledge, there are no competitors in. The pure physical security of the IK is unequaled in any flash device I have seen on the market. You simply cannot get to the actual flash memory and bypass the protection to try and brute force or crack the encryption.

    I'm sure Drew can break down the actual encryption method differences in the two, but in my opinion, there is no need to. The IK blows everything else away based on the first point, that nothing else can put up a legitimate fight against it.

    The added s/w and browsing features are really just bells and whistles to the device. Theoretically you could duplicate almost everything s/w wise on the device, but the device isn't sold to be a secure surfing device, it's sold as a data protection device, and they've thrown in the secure surfing as some icing. That doesn't at all minimize the quality or benefits of the s/w on board, but you don't buy it for the s/w, you buy it for the security of your data on it. (BTW the IK does use the onion routing protocols and methods, but it does NOT use the public TOR network that you can download and connect to. They have made modifications to the TOR s/w and concepts and presented them to their users in a private package that they maintain, separate from the public TOR network. The IK does not use the public TOR network, and the public cannot access the private (SecureSessions) TOR network that IK provides to their devices....)
  LockBox

    They both use hardware encryption. Chips on board handle the encryption, they are both rugged, what's the big difference that the IK "blows away" the Kingston drives? They were first to the market with hardware encryption on flash drives with their old Secure Privacy Vault. The new "Vault" series looks very much the same. Does anyone know the differences? Beyond just the extra software stuff that IK has that I don't care about anyway?
  IronDrew

    Hi LockBox,

    Kingston is a well known, well respected member of the flash drive manufacturing community, and we're not the types to wantonly bash competitors every time that someone brings one up. We find that fairly tacky, so I hope that no one is hoping that I'm being baited here.

    Kingston makes some good products. The differences between our products begin with the different philosophical aims of our companies. IronKey is a security company who makes a memory product. Kingston is a memory company, who in some of their products includes security features.

    IronKey includes "extra software stuff" that you have said that you don't care about, because all of these items are useful tools for user security. Creating a product that is secure is our number one priority. In many cases we have thought of solutions to attack vectors that most of our users have no idea even exist. A great claim, but hard to put into a value proposition.

    It comes down to how much do you want to protect your data, and do you have regulatory concerns (SOX, HIPAA, etc).

    Some people are less concerned with protecting the data and privacy than others. There is nothing wrong with that. I could make a rough comparison to this to digital cameras. I have a nice Canon point and shoot, it takes decent pictures and it fits in my pocket, and that's all that I care about. It cost about 1/4 of the digital SLR that a friend of mine has. He's into photography, and does some graphic design. I'll admit that his pictures look better than mine. But regardless of how much better his pictures look, I simply don't care that much about taking pictures to get a fancy digital SLR.

    Where the analogy breaks down is that (of course) lesser quality pictures are never going to leave me open to identity theft.

    Sorry for the digression...back to your question of the differences, another major difference is the physical security. In most USB drives the chips can be easily accessed and manipulated, making them vulnerable to brute force and other attacks. Under the IronKey's metal exterior it is filled with epoxy. Trying to access the chips this way will destroy them.
  ronjor

    ronjor Global Moderator

  IronDrew

    Sorry if this is "old news" now...but if you haven't been made aware of the vulnerability that was discovered in encrypted devices made by Kingston (as well as others) you may want to have a look at this: USB Vulnerabilities Exploited

    In fact this is very informative, particularly the Webinar, that was recorded and is available for your viewing.

    Please note: this link will take you to the IronKey website.
  KRF

    I do apologise, I thought that saying what I said about IronKey was right and also in the right thread as the thread is called "IronKey.The world's Most Secure flash Drive." I thought this would be the best place to state my feeling about the IronKey like everybody else has.

    I am sorry if the mods and admins didn't think this, and I hope it was done by a mistake and not out of censorship. If it's OK, can I repost my feeling and what I have found out about IronKey for using them for a year and also beta testing for them?

    Please let me know.

    I would have sent in a PM but I am not able to at the moment as I guess there are not enough posts on my account.
  LowWaterMark

    LowWaterMark Administrator

    KRF - You may post your experiences with and opinions about the product(s) referred to in this thread. However, to stay within our guidelines, please do not post any private communications (even with the names removed) between you and them, as that is against our policy. Also, we don't debate how other people run their forums, so leave out whatever happened there between you and them. If people have an issue with another forum, they must take that up with the site directly, not here. This goes for any other forum, not just IronKey's. We don't fight forum wars here.
  KRF
