.

IronKey a joke ! Lets put it to the test!

<<

Greedo011

Newbie
Newbie

Posts: 1

Joined: Tue Aug 05, 2008 5:22 am

Post Tue Aug 05, 2008 5:46 am

Re: IronKey a joke ! Lets put it to the test!

Been testing Ironkeys for a while. We have just the standard which is good enough for the man or women on the street the New Enterprise version is more controlled and you can created policys with the master ironkey where as your ironkey that you handout will just be like a normal usb device but with encryption and you can control from a management point of view. Tie this in with Securwave and you have a really good platform that is secure.

Rock a doodle doo
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Aug 22, 2008 1:09 am

Re: IronKey a joke ! Lets put it to the test!

Since the title of this thread reads:

"Lets put it to the test!"

We'll do just that. We have been in touch with IronKey, and they are sending us some product to test. This review has been given to our newest columnist, Mike Murray. Mike is the former head of Neohapsis Labs, so I figure it was a great fit.

No ETA yet, but we'll keep you posted.

Don

PS - Dave from IronKey: Feel free to PM me regarding this review.
CISSP, MCSE, CSTA, Security+ SME
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Sat Nov 01, 2008 6:28 pm

Re: IronKey a joke ! Lets put it to the test!

Did anything ever come of this Don? Or did I just miss it going by?

don wrote:We have been in touch with IronKey, and they are sending us some product to test.
<<

virtronic

User avatar

Newbie
Newbie

Posts: 6

Joined: Wed Jan 28, 2009 8:58 pm

Location: PA

Post Wed Jan 28, 2009 9:58 pm

Re: IronKey a joke ! Lets put it to the test!

Been using a couple of IronKeys for a while.  I think they're great.  Glad to hear from you guys that there's Linux support now.  Been using it on the the MS and Mac boxes ok. I like the idea that only you {and the NSA} can get to your data.
<<

Dave_IronKey

Newbie
Newbie

Posts: 2

Joined: Fri Jun 27, 2008 10:49 am

Post Thu Mar 05, 2009 5:50 pm

Re: IronKey a joke ! Lets put it to the test!

Glad you like them Virtronic.  I've met with numerous people in the IA group at NSA, and I still don't see how they are going to be able to get your data :-)  They are engaging in a more detailed review to get to a level of validation that's even stronger than our current FIPS 140-2 Level 2.

Have you guys checked out the latest release of the IronKey Enterprise version, which includes a suite of anti-malware capabilities?

Dave
<<

twisted_monkey

Newbie
Newbie

Posts: 1

Joined: Tue Jun 02, 2009 4:30 am

Post Tue Jun 02, 2009 5:23 am

Re: IronKey a joke ! Lets put it to the test!

1) An IK is only secure "at rest" - i.e. when not plugged into and authenticated on a host. Data is passed in clear across the host USB bus *then* encrypted by the IK.

2) Each IK has a unique serial number etched onto it. No serial number, no key-escrow. Although diagnostic (IK Support) probing of ROM would likely reveal serial number anyway.

3) The length of time taken to user-initialize a new IK is very quick. Does anyone remember how long PGP used to take to generate key-pairs on a host with a substantially faster CPU? It is probable therefore that Key-Pairs are likely installed post assembly. See point (2) above.

4) The Identity Manager (updated) is very good, but auto-archives all info to the "secure IK vaults". This option cannot be disabled it seems. How secure are the vaults?

Overall a very, very useable product. I've implemented IK's both corporately and recommend them privately; for the money and overall security they provided they're as good as anything else out there.

If an IK is used to store anything that becomes of interest to the State, then none of the points raised above become relevant. Google "Camp Delta/Xray".

If one deems the Risk, Probability and Impact of any data/information interception high enough, then ensuring that the host any IK is plugged into is "secure" is essential.

My suggestion:

1) Use VMware to create a VM machine, preferably Linux. Clone it.
2) Install/use Truecrypt within the VM clone to create container file as secure as desired. Use multiple key files, stored on a secondary USB device, in addition to a *lengthy* password. Fill container with "data". www.truecrypt.org
3) Move Truecrypt container to IK. Data is thus encrypted *before* it hits the host USB bus.
4) Shutdown VM clone. Securely Wipe Clone from disk.
5) Start over.

Admin heavy yes, but prevents as best as possible key-recovery and interception of clear data crossing the USB bus to the IK. Even if the target Host/IK become compromised (within reason) data is still held securely within (potentially) the now quadruply encrypted Truecrypt container.

Effort Expended = Results Gained.

IMHO

TM
<<

ravenmsb

Newbie
Newbie

Posts: 2

Joined: Sat Sep 12, 2009 12:13 am

Post Sat Sep 12, 2009 12:19 am

Re: IronKey a joke ! Lets put it to the test!

Bruce Scheier hacked the ironkey with little effort over a year ago stating that the  Deniable File Systems that it uses are actually easier to hack than regular encryption methods.

The average Joe can't hack it but as with any technology it's manageable.
CEPT,  OSCP, C|EH, CPTE, CPT
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Sat Sep 12, 2009 11:30 am

Re: IronKey a joke ! Lets put it to the test!

ravenmsb,

that's not something I was aware of, can you provide a link for further reference?
<<

keyster

Newbie
Newbie

Posts: 3

Joined: Sun Sep 13, 2009 12:52 am

Post Sun Sep 13, 2009 1:16 am

Re: IronKey a joke ! Lets put it to the test!

IronKey has never been hacked, not by Bruce nor anyone else and many have tried.

I think ravensmb has confused the vulnerabilities that Schneier found with DFS and TrueCrypt a year ago. Last June,  Bruce said Deniable File Systems are actually easier to hack than encryption.  IronKey’s encryption is validated at Level 3 of FIPS 140-2.

See http://www.schneier.com/paper-truecrypt-dfs.pdf&nbsp; or http://blog.ironkey.com/?m=200807&nbsp; for details. 
<<

Diluted

Newbie
Newbie

Posts: 3

Joined: Mon Dec 04, 2006 5:27 pm

Post Fri Nov 06, 2009 4:20 pm

Re: IronKey a joke ! Lets put it to the test!

I am the IronKey administrator here at my office.  We are using the Enterprise service, and so far we are very happy with the service and devices.

I have not had the chance to disassemble one or use the Silver Bullet service yet, but the policy definitions are useful and easy to use, and the comfort of knowing that our data is safe even if someone loses the device is great. 

Additionally, if someone leaves or is identified as having stolen data and placed it on a managed key, the ability to stop that person from unlocking the key is useful as well.

Anyone have questions about the Enterprise control panel?
<<

nonamegsm

Newbie
Newbie

Posts: 1

Joined: Thu Sep 13, 2012 3:26 am

Post Thu Sep 13, 2012 3:35 am

Re: IronKey a joke ! Lets put it to the test!

Hi , I have banned/locked but not stealed or so key and decided to disasemble it and make some tests. I have found only this topic about reversing digging this product , if posting to the end of this topic are wrong idea i will start new one ;-) So my discovery are begin from removing one of aluminium sides if key and using some cheap chemicals to remove glue inside key.
Image
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Thu Sep 13, 2012 4:40 am

Re: IronKey a joke ! Lets put it to the test!

This is really interesting topic it look like they also working on a secure app that should be released soon.

@don did EH every get their ironkeys was a review done ?
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Sep 13, 2012 8:14 am

Re: IronKey a joke ! Lets put it to the test!

Ooh... that was 3 years ago! We gave away 20 IronKeys:

http://www.ethicalhacker.net/content/view/280/8/

and Mike Murray did a review:

http://www.ethicalhacker.net/content/view/259/24/

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Thu Sep 13, 2012 9:02 am

Re: IronKey a joke ! Lets put it to the test!

I must have been taped in a cupboard somewhere.

thanks
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
Previous

Return to Hardware

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software