IronKey Locks Down the Treacherous Memory Stick
Memory sticks can be used to store confidential corporate data and passwords, and can also act as "something you have" security credentials for two-factor authentication. That's why it's important that these storage devices are encrypted to prevent unauthorized people from accessing them.
California-based IronKey has made a name for itself by supplying very high quality, hard-wearing memory sticks which include AES CBC-mode hardware encryption meeting FIPS 140-2 Level 2 security requirements to protect the contents. Data or applications stored on a stick can only be decrypted and accessed after entering a password, and if an incorrect password is entered a set number of times (usually ten) the contents of the stick are automatically erased and the device rendered unusable. This effectively prevents anyone attempting to find the right password by subjecting an IronKey to a brute-force attack.
While this is fine for personal use, most enterprises require a more sophisticated approach which enables memory sticks and their passwords to be centrally managed. To cater to this need IronKey offers its IronKey Enterprise solution, a combination of flash drives and a Web-based management system. This allows administrators to control the deployment of memory sticks to end users, and offers features such as password recovery, remote wiping of memory sticks that get lost, stolen or taken by rogue employees, usage monitoring, security policies, and limits placed on where the devices can be used. Administrators can also view an "enterprise dashboard", which provides information about user and device activity including the IP addresses from which a device has been used, and its geographic location.
When a company purchases IronKey Enterprise, a designated system administrator receives a number of IronKey Enterprise memory stick devices and an email with a link to the IronKey Web-based management system. By clicking on this link the system administrator can start the process of configuring security policies, setting up a user name and password for the management system, and configuring one of the IronKey devices to work as a special "system administrator" IronKey. The system administrator is then strongly encouraged to create a second system administrator account, and matching system administrator key.
Once two system administrators have been set up they can add other users to the management system, and provide these users with IronKeys. These can be standard users, or system administrators can delegate responsibility in their organization by creating three other types of user: an auditor, who can view the IronKey Enterprise administration console (but not make changes to it), a custom administrator, who can also manage policies, and an administrator (which is different from a system administrator) who can manage standard users but not change policies.
Newly created users automatically receive an email telling them to insert their IronKey into a computer on the corporate network and activate it by typing in a key supplied in the email. When they do this, a certificate and "account key" are burned into the end user IronKey. This allows the device to be unlocked, have its password reset, or be disabled in the future by an administrator in possession of a system administrator key and its corresponding password.
The user's security policy is also pushed to the device when it is activated, and this lies at the very heart of the IronKey Enterprise system. (In the future IronKey plans to enable administrators to set policies for groups defined in corporate directory systems.)
Policy options include:
Password self-recovery: If enabled, this allows end users to log on to the IronKey Web site and recover a forgotten password after answering various security questions. If this option is disabled, the IronKey password can be reset by an administrator in possession of the user's IronKey and an administrator IronKey. A user who has forgotten their password can also contact an administrator to request remote password recovery. The administrator can then log in to the IronKey Enterprise system and click a button to send the user an automatically generated email containing a link that, when clicked, provides the user with their password.
Silver Bullet Service: When this option is activated, a user IronKey checks in to the IronKey Enterprise system over the Internet before it unlocks. This enables administrators to deny access to any device that is suspected as lost or stolen - or to delete all the data on the device if it is confirmed as lost or stolen. If no Internet connection is available, the device can be allowed to unlock a limited number of times or not to unlock at all.
Automatic policy updates: This ensures that the latest policies are pushed to the device whenever it is unlocked and connected to the network.
Number of permitted consecutive invalid password attempts: If the wrong password is entered too many times, the device self-destructs. The purpose of this is to prevent an unauthorized user making multiple attempts to unlock the device, but users need to be able to make several attempts to take into account careless typing. A setting of between 3 and 10 provides good security without an excessive risk of locking out legitimate users.
Password policy: This specifies the minimum password length and makeup, such as special characters and digits. IronKey passwords don't have to be particularly long to be secure (provided they are not easily guessable) because they cannot be subjected to a brute-force attack without the device self-destructing.
Trusted IP addresses: If this is enabled, the IronKey can only be used from the listed external IP addresses. This is useful for organisations which don't allow data to be taken off their premises, or which use IronKeys to carry data securely between two offices.
Software policy: This dictates what software is available on users' IronKeys. Options include:
- RSA SecurID or CRYPTOCard one-time password applications, allowing the IronKey to be used as an authentication credential for two-factor authentication systems
- Anti-malware software
- IronKey's Identity Manager software, which generates secure passwords and keeps them protected, and enables users to log on to secure sites automatically without having to remember multiple user names and passwords.
- IronKey's Secure Sessions Service, which creates an encrypted VPN tunnel between the device's on-board Firefox browser and IronKey's servers.
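How the unlock-related policy options above (invalid password attempts, Silver Bullet Service, trusted IP addresses) combine can be sketched as a small model. This is an added example, not IronKey's code: the class and function names, the order of the checks, and resetting the offline allowance after a successful check-in are all assumptions made for illustration.

```python
# Illustrative model only; names and check order are assumptions, not IronKey's.
import hmac
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Policy:
    max_bad_passwords: int = 10      # consecutive failures before self-destruct
    silver_bullet: bool = False      # require check-in before unlocking
    offline_unlocks: int = 0         # unlocks allowed with no Internet (0 = none)
    trusted_networks: tuple = ()     # empty tuple = usable from anywhere

@dataclass
class Device:
    policy: Policy
    password: str
    bad_attempts: int = 0
    offline_used: int = 0
    wiped: bool = False

def try_unlock(dev, password, external_ip=None, server=None):
    """server is the check-in answer: "ok", "deny", "wipe", or None if offline."""
    pol = dev.policy
    if dev.wiped:
        return "wiped"
    if pol.trusted_networks:
        # Assumption: an unknown external address is treated as untrusted.
        if external_ip is None or not any(
                ip_address(external_ip) in ip_network(n) for n in pol.trusted_networks):
            return "denied: untrusted address"
    offline = False
    if pol.silver_bullet:
        if server == "wipe":                  # confirmed lost or stolen
            dev.wiped = True
            return "wiped"
        if server == "deny":                  # suspected lost or stolen
            return "denied: disabled by administrator"
        offline = server is None
        if offline and dev.offline_used >= pol.offline_unlocks:
            return "denied: check-in required"
    if not hmac.compare_digest(password.encode(), dev.password.encode()):
        dev.bad_attempts += 1
        if dev.bad_attempts >= pol.max_bad_passwords:
            dev.wiped = True                  # self-destruct: data is gone for good
            return "wiped"
        return "denied: wrong password"
    dev.bad_attempts = 0                      # only consecutive failures count
    dev.offline_used = dev.offline_used + 1 if offline else 0  # assumed reset on check-in
    return "unlocked"
```

The model makes one operational consequence visible: with the offline allowance at zero, a device with Silver Bullet enabled is unusable wherever there is no Internet access, so that setting has to match how users actually travel.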
As you would expect with any system of this scope it takes a little experimenting to get the hang of administering devices and users with the online platform, and although the system seems a little slow it works well. Touches like the ability to track users on a world map are nice, but the system's strength lies in its power to control users and devices, and especially the ability to disable or destroy devices remotely, and to provide various levels of password recovery including self-service recovery, administrator-controlled remote recovery, or recovery when the administrator is physically in possession of the device.
End user experience is very good for Windows and OS X users, although certain features like the Silver Bullet Service can't be used on the Mac platform. Linux users get the rawest deal - although IronKey devices can be unlocked from the command line to store encrypted data, there is no graphical user interface to control many of the features of the device, and on-board applications are not available.
Since the IronKey Enterprise platform is Web-based it makes the system very easy and quick to implement. The IronKey Enterprise devices themselves are priced at a premium to consumer grade ones ($79 for a 1Gb device up to $179 for an 8Gb version), and the platform costs just $24 per device per year. Volume discounts for both devices and the service are also available.
Overall IronKey Enterprise is an effective platform for managing a large fleet of encrypted portable storage devices. It uses standard (and therefore well understood) cryptography in a fairly complex way to ensure security while doing a good job of shielding this complexity from both administrators and end users to make the system very easy to use.