IronKey has built its Enterprise D200 and S200 USB flash drives to withstand
just about anything thrown at them. And I made it my goal to find out how much of
a beating they could actually take.
The USB flash drives are rugged, waterproof to MIL-STD-810F
specifications and meet Security Level 3 of FIPS 140-2. A tamper-resistant and
tamper-evident design houses flash memory storage and a crypto chip, which
provides AES 256-bit encryption in CBC mode.
For those who are price-sensitive, the D200 series uses MLC flash memory, while
the S200 series uses SLC flash memory to provide faster performance and longer
data life. Both series share the same physical characteristics. The S200 is
priced at $79 for a 1GB model, $199 for 8GB and $299 for 16GB. The D200 is
priced at $99 for a 4GB model, $129 for 8GB and $299 for 32GB. The management
service costs $24 per
user per year.
The IronKey drives are extraordinarily solidly constructed
of flash memory embedded in military-grade epoxy wrapped in a single-piece
aluminum casing. To put it concisely, I beat the hell out of these things. I
blame IronKey for encouraging me by sending me seven test units. I felt like I
should just keep finding new ways to torture them.
The hardware didn't flinch when thrown off the roof of a
four-story building, spiked down a flight of stairs, put through the dishwasher
and anchored under Barnegat Bay for a month. The body took the blow of a
20-pound weight, although the cap did split open after a direct shot. The USB
connector, however, was undamaged.
I broiled the device in the toaster oven at 325 degrees for
15 minutes, at which time the plastic over the "in use" LED melted
into a brown gooey mess. I allowed the drive to cool to room temperature and
then plugged it in, and it didn't work. Fascinatingly, a cheap USB
drive did work after being subjected to the same broiling. IronKey specifies
maximum operating temperature at 70 degrees C, or 158 degrees F, which is
reasonable—exposing the hardware to such heat would be a rather unusual use
case.
IronKey provides a hosted (SaaS) management solution for
enterprise customers to enroll, deploy and manage devices once they create an
online account. The company does provide an on-premises software solution, but
since, according to IronKey, most of its clients opt for the online service, I
chose to review that. First I created a management account and a default
security policy. Then I enrolled devices based on serial number in the
management console and applied a security configuration prior to deploying to
end users. Devices are shipped with bar codes etched into them that are mapped
to serial numbers stored on the device to enable rapid deployment and asset
tracking. Units can go very quickly from their boxes to providing users with
preconfigured and secure portable storage environments.
The device can be configured to not only provide encrypted
storage but to also self-defend. I installed the Silver Bullet Service, an
optional management feature that checks and applies security policy from the
IronKey server over the Internet when a drive is connected and log-in is
attempted. With the Silver Bullet Service, I set and verified the functioning
of drives to deny access if the security policy could not be accessed online,
lock out the user or issue a self-destruct command, in which case the crypto
chip is destroyed and the data is deleted from the flash memory.
I easily placed restrictions on location based on the
network the host is connected to when the device is attached. This could be
useful in a situation where employees can use devices at work but not on the
road or at home. Configuration options are extensive: The device can be set to
pull a configuration script from a URL or to route all traffic through a proxy,
where the traffic can be secured and audited. On a device or group basis, I
could prevent read and/or write, and applied Lockdown Autorun to prevent
executables from running on the drive. Between read-only and preventing
executables from running from removable media, I had the beginning of a larger
anti-malware campaign.
There are tools to help create secure backups either on the
drive or from the drive. These can be preconfigured by an administrator or
manually invoked by the user. From the management console, it was very easy to
choose which features and applications to deploy to individual units. I chose
to deploy the full suite, but could just as easily have deployed the units as
storage only.
When I plugged in the D200 (or S200, they are functionally
the same), I went to My Computer, double-clicked IronKey Unlocker and then
double-clicked IronKey.exe to launch the IronKey Control Panel. Secure versions of applications such as
Mozilla Firefox can be run from the S200. First-time users can orient
themselves rapidly by reading the PDF "IronKey Enterprise User
Guide." Identity Manager stores and protects usernames and
passwords—either automatically as each site is visited or manually keyed in and
saved. A virtual keyboard pops up on-screen whenever a user is prompted for a
password to prevent keyloggers from stealing them. I enjoyed being able to
toggle Secure Sessions on and off with a single click from within Firefox. Toggling
this switch enables Tor (The Onion Router), an open-source HTTP proxy that
renders user IP addresses untraceable—and therefore safer from attacks. There's
nothing saved to the drive and nothing run from the drive, Firefox is proxied
through Tor, and your users are looking pretty clean in the outside world.
Performance for the D200 was rated at up to 25MB/s read and 17MB/s
write. The best result obtained through ATTO Disk Benchmark was 27.5MB/s read and
11.3MB/s write. I copied a 700MB file to the drive in 71.9 seconds (9.7MB/s)
and back in 30.0 seconds (23.3MB/s). For the S200, the device is rated at
27MB/s read and 24MB/s write, a significant difference from the 26.9MB/s read
and 14.5MB/s write that I measured in ATTO. I copied a 361MB file to the S200
in 30.5 seconds (11.8MB/s) and from the S200 in 17.8 seconds (20.2MB/s). These
are very respectable numbers, although it is worth noting that write speeds are
well below the manufacturer's ratings. For reference, a “normal” or “el cheapo”
USB stick does 24.0MB/s read and 6.6MB/s write in ATTO.
IronKey is compatible with a wider variety of operating
systems than the competition, such as Windows 7, Vista,
XP SP2 and 2000 SP4; Mac OS X 10.4+; and Linux 2.6+. I had no problem using the
S200 on various flavors of Windows and Linux. For a far-flung enterprise, this
is significant: A device could be preconfigured and prepopulated with important
information, mount on just about anything, and run its own secure environment.
In my case, I connected my S200, launched Firefox, installed the Xmarks plug-in
and had access to all of my bookmarks. I could just as easily have had essential
policies, procedures, manuals and other documentation saved to the drive.
Sending field agents a netbook and a preconfigured IronKey
is something worth considering if your business or agency compels quick
mobilization.