[unisog] IronKey (IK) encrypted USB keys

Aaron Wade agw8 at cornell.edu
Sat Dec 22 22:41:53 GMT 2007


Russel,
I second the notion of moving to the ironkey.  We're already exploring
making them the standard within our college for staff.
-Aaron

Aaron Wade, CCE
IT Security & Infrastructure
Engineering Information Technologies
Cornell University


> First off, apologies, this is going to sound like an advertisement for
> IK...
>
> We have recently had a play with a few 'secure' usb sticks from
> various suppliers.  By and large they only support windows and provide
> simple encryption of the contents of the drive.
>
> One stood out from the pack and that was IronKey.  The IronKey comes
> with a bunch of useful stuff on a readonly partition on the drive,
> including Firefox, Tor and a password manager.  The idea is that IK is
> more than just an encrypted USB key it is actually a trusted platform
> that you can use to access the Internet in potentially hostile
> environments while on the road.  What you do is visit the sites you
> need credentials for from a safe environment before you leave and
> allow the password manager to store your credentials for each site on
> the key, then when you are in  some dubious cyber cafe you can browse
> to the site using the copy of firefox on the key and the password
> manager plugin will automatically post the credentials for you with
> out having to type them thus avoiding keystroke loggers.  No, this
> isn't foolproof but it does mitigate some of most common risks.
>
> I was also surprised to find that there was a mac folder on the key --
> which contained a single executable (the windows folder contained
> about 20 files) which when executed on a mac mounted the key and
> prompted for the password.  I have since found out that the most
> recent versions have linux support too.  At the moment Mac and Linux
> support is "Alpha" and in particular you can initialise the device
> only on a windows system and the password manager etc only works on
> windows.  That should change soon and IK are promising full support
> for Mac and Linux.
>
> If this was not enough the local NZ agent just told me that they have
> received a new key (which they are passing to a 'major bank') that has
> a built in RSA token.   Since we use RSA to secure access to much of
> our infrastructure this is attractive -- I for one would welcome one
> less bulky object on my key ring.  We plan to require RSA
> authentication for our VPN sometime next year and so this ties in
> nicely particularly if we can get the VPN client on to the key.
>
> This product looks like one worth following, we will wait until Mac
> and Linux are fully supported and the RSA tokens available (hopefully
> in a few months) and then try and get a bulk deal.
>
> Russell
>
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog
>








More information about the unisog mailing list