[unisog] IronKey (IK) encrypted USB keys

Russell Fulton r.fulton at auckland.ac.nz
Sat Dec 22 20:44:48 GMT 2007


First off, apologies, this is going to sound like an advertisement for  
IK...

We have recently had a play with a few 'secure' USB sticks from
various suppliers.  By and large they only support Windows and provide
simple encryption of the contents of the drive.

One stood out from the pack and that was IronKey.  The IronKey comes
with a bunch of useful stuff on a read-only partition on the drive,
including Firefox, Tor and a password manager.  The idea is that IK is
more than just an encrypted USB key; it is actually a trusted platform
that you can use to access the Internet in potentially hostile
environments while on the road.  What you do is visit the sites you
need credentials for from a safe environment before you leave and
allow the password manager to store your credentials for each site on
the key, then when you are in some dubious cyber cafe you can browse
to the site using the copy of Firefox on the key and the password
manager plugin will automatically post the credentials for you
without having to type them, thus avoiding keystroke loggers.  No, this
isn't foolproof but it does mitigate some of the most common risks.

I was also surprised to find that there was a Mac folder on the key --
which contained a single executable (the Windows folder contained
about 20 files) which when executed on a Mac mounted the key and
prompted for the password.  I have since found out that the most
recent versions have Linux support too.  At the moment Mac and Linux
support is "Alpha" and in particular you can initialise the device
only on a Windows system and the password manager etc. only works on
Windows.  That should change soon and IK are promising full support
for Mac and Linux.

If this was not enough the local NZ agent just told me that they have  
received a new key (which they are passing to a 'major bank') that has  
a built-in RSA token.  Since we use RSA to secure access to much of
our infrastructure this is attractive -- I for one would welcome one  
less bulky object on my key ring.  We plan to require RSA  
authentication for our VPN sometime next year and so this ties in  
nicely particularly if we can get the VPN client on to the key.

This product looks like one worth following; we will wait until Mac
and Linux are fully supported and the RSA tokens are available (hopefully
in a few months) and then try and get a bulk deal.

Russell
