Since the title of this thread reads:

"Lets put it to the test!"

We'll do just that. We have been in touch with IronKey, and they are sending us some product to test. This review has been given to our newest columnist, Mike Murray. Mike is the former head of Neohapsis Labs, so I figure it was a great fit.

No ETA yet, but we'll keep you posted.

Don

PS - Dave from IronKey: Feel free to PM me regarding this review.

Been using a couple of IronKeys for a while.  I think they're great.  Glad to hear from you guys that there's Linux support now.  Been using it on the the MS and Mac boxes ok. I like the idea that only you {and the NSA} can get to your data.

1) An IK is only secure "at rest" - i.e. when not plugged into and authenticated on a host. Data is passed in clear across the host USB bus *then* encrypted by the IK.

2) Each IK has a unique serial number etched onto it. No serial number, no key-escrow. Although diagnostic (IK Support) probing of ROM would likely reveal serial number anyway.

3) The length of time taken to user-initialize a new IK is very quick. Does anyone remember how long PGP used to take to generate key-pairs on a host with a substantially faster CPU? It is probable therefore that Key-Pairs are likely installed post assembly. See point (2) above.

4) The Identity Manager (updated) is very good, but auto-archives all info to the "secure IK vaults". This option cannot be disabled it seems. How secure are the vaults?

Overall a very, very useable product. I've implemented IK's both corporately and recommend them privately; for the money and overall security they provided they're as good as anything else out there.

If an IK is used to store anything that becomes of interest to the State, then none of the points raised above become relevant. Google "Camp Delta/Xray".

If one deems the Risk, Probability and Impact of any data/information interception high enough, then ensuring that the host any IK is plugged into is "secure" is essential.

My suggestion:

1) Use VMware to create a VM machine, preferably Linux. Clone it.
2) Install/use Truecrypt within the VM clone to create container file as secure as desired. Use multiple key files, stored on a secondary USB device, in addition to a *lengthy* password. Fill container with "data". www.truecrypt.org
3) Move Truecrypt container to IK. Data is thus encrypted *before* it hits the host USB bus.
4) Shutdown VM clone. Securely Wipe Clone from disk.
5) Start over.

Admin heavy yes, but prevents as best as possible key-recovery and interception of clear data crossing the USB bus to the IK. Even if the target Host/IK become compromised (within reason) data is still held securely within (potentially) the now quadruply encrypted Truecrypt container.

Effort Expended = Results Gained.

IMHO

TM

ravenmsb,

that's not something I was aware of, can you provide a link for further reference?

I am the IronKey administrator here at my office.  We are using the Enterprise service, and so far we are very happy with the service and devices.

I have not had the chance to disassemble one or use the Silver Bullet service yet, but the policy definitions are useful and easy to use, and the comfort of knowing that our data is safe even if someone loses the device is great. 

Additionally, if someone leaves or is identified as having stolen data and placed it on a managed key, the ability to stop that person from unlocking the key is useful as well.

Anyone have questions about the Enterprise control panel?

This is really interesting topic it look like they also working on a secure app that should be released soon.

@don did EH every get their ironkeys was a review done ?

I must have been taped in a cupboard somewhere.

thanks