Peachtree by Sage
  • Contact Us
  • Sage North America
Community
Community

How Secure is Your USB Drive?

by Administrator on 07-28-2009 08:52 AM - last edited on 01-19-2010 02:29 PM

Did you hear the recent news story about how identity thieves don't even need your social security number anymore? By using other information about you with which you haven't been as careful, they can employ formulas to guess your SSN with a frighteningly high success rate. It's just more proof that we need to keep an even tighter grip on personal details. But if you carry a USB flash drive around on your keychain, it probably contains at least some confidential information. That's why you were sure to password-protect it, right? Passwords are good, but they won't stop even a moderately skilled evil-doer.

I recently visited with the owner of a local accounting and financial planning firm who told me about IronKey. He raved about it and told me it allows him the convenience of moving Peachtree backup files between his office and his clients' sites without the fear of security vulnerabilities.

IronKey is a slick device that, if nothing else, will give you a little James Bond cachet. It's a USB drive housed in a rugged waterproof metal case. The technical innards are encased in an epoxy-based potting compound (goo) that makes it tamperproof. It uses military-grade AES hardware encryption to keep files secure, and encryption keys are stored on its "Cryptochip." If the device detects a physical attack, the Cryptochip will self-destruct to destroy the encryption keys (Mission Impossible smoke not included).

 

It includes software for securely managing your passwords and for creating automatic secure backups. It can also run compatible portable software applications and comes with a portable version of Firefox installed. This allows you to use your IronKey at public computers without leaving a trace.

The Enterprise version of IronKey includes online tools for managing password policies, self-destruct sensitivity, and user audit trails. And here's the really cool part: if a former employee or someone else with a valid password has access to one of your IronKeys, you can remotely deny access, delete files, and even destroy the device.

You'll pay a premium for all this security. A 4GB model of the personal version goes for $149, or about $130 more than you'd pay for a standard 4GB drive. Of course, like any insurance, that could turn out to be money very well spent.

   

Image credit: IronKey.com

Message Edited by MikeS on 01-19-2010 02:29 PM

Comments
by Sage Employee KevinF on 09-02-2009 06:17 PM

Hi Mike

 

I use an IronKey and have for a few years, they are great, I highly recommend them. But as you noted they are expensive and into today's economy many people are looking for ways to increase security but on a budget. An option that I have recommended to friends and family is to use a free open source encryption tool called TrueCrypt (http://www.truecrypt.org/) with a normal USB pen drive.

 

While it is a little more complicated to setup and use than an IronKey, its free and you can put it on virtually any USB drive. They have a pretty good Beginners Tutorial in their Documentation, that should get most users on their way. TrueCrypt also has some really nice advanced options that are not available with the IronKey, that might be beneficial to more tech savvy users. And if users want to add Firefox or other portable apps to the drive they can use applications from http://www.pendriveapps.com/ or http://portableapps.com/

 

TrueCrypt can also be put on portable hard drives that users often use to backup laptops that only require a USB port and no extra power cables, this gives you much larger capacity over traditional USB pen drives.

 

There are some portable drives available that have similar functionality to the IronKey. Seagate has one called "BlackArmor PS110" that holds 500Gigs.
http://www.seagate.com/www/en-us/products/external/blackarmor/blackarmor_ps_110/ costs about $159.99.

 

by Jame(anon) on 01-13-2010 12:48 PM
https://www.ironkey.com/usb-flash-drive-flaw-exposed Not only are they expensive, they dont work! A recent flaw discovered with the Device means anyone with the right know how can decrypt the entire contents without needing the users password. The only company out of all those effected, Kingston Technology, was the only one to issue a product recall across it's range until a fix can be found, the chip used in the encryption and drive scrambling features is also widely marketed in various other products including Apples iPhone. Hundreds of thousands of units effected by this vulnerability remain on sale.. So I have to ask, do you feel like you got your moneys worth?
by Louis(anon) on 01-18-2010 01:48 PM

In response to James: Your posting is actually incorrect; please actually read the article from IronKey, as it describes how IronKey devices are NOT vulnerable to this attack. You may also want to read this Press Release from them: https://www.ironkey.com/news/usb-security-flaw

 

To put in simple terms, the vulnerability was with encrypted drives that use software on the local machine to 'verify' the password and unlock the device. This was modified to allow you to place any password and it would verify it as the correct unlock code (universal unlock code for ALL of the affected vendors/models). IronKeys actually do this in hardware and use a different method for unlocking the flash drives. 

Post a Comment
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.