manualshive.com logo in svg

DataLocker Sentry K350, User Manual

Share
Download
DataLocker Sentry K350 User Manual Download Page 11

Sentry K350 hardware encrypted USB flash drive - User Guide

Self Destruct

Available for ADMIN

The self destruct action helps prevent brute force attacks by triggering when an individual inputs
an incorrect password too many times. This feature allows the administrator to set a threshold
of incorrect password attempts for the K350 before the self destruct occurs. The administrator
can also configure the self destruct to destroy the data, encryption keys, and settings OR destroy
the device (and data) when the defined number of allowed password attempts is reached. The
default number of allowed password attempts is 10 and can be increased up to 50 but not lower
than 10. When enabling the feature, there are two types of self destruct options to select. Please
refer to the below table for more details.

NOTE:

Incorrect password attempts from both users and administrators are calculated cumula-

tively towards the incorrect password attempts self destruct counter. The counter will reset upon a
correct password attempt.

A. Destroy Data

(default selection) - Your device is wiped completely and all device data, encryp-

tion keys, passwords are destroyed and cannot be recovered. The device needs to go through
the initialization process again.

B. Destroy Device

- Your device is killed completely and all device data, encryption keys, pass-

words are destroyed and cannot be recovered. The device CANNOT be initialized again, the
destruction is permanent.

Deleted asset

A.Destroy Data

(default)

B.Destroy Device

Administrator Password

Deleted

Deleted and K350 destroyed

User Password

Deleted and Disabled

Deleted and K350 destroyed

Configuration by administrator (menus)

Kept

Deleted and K350 destroyed

1. In the Configuration menu select Self Destruct, confirm with Enter-button.
2. Select CHANGE or CANCEL to change the maximum allowed incorrect password entries, the

default is 10.

3. Confirm with Enter-button.
4. Enter the number of attempts you want, between 10-50. Confirm with Enter-button.
5. Select the destruction target, DATA or DEVICE, confirm with Enter-button.
6. The device goes back to the Configuration Menu after confirmation.

Brute-Force Self-Destruct Sequence

The message “Incorrect Password”, along with the current incorrect password count, will scroll
across the screen each time an incorrect password attempt is made. Press

Enter-button

to display

device information or press any other button to return to the password entry screen.

After each 5 consecutive incorrect password attempts, the device will power off. Pressing the

Power

button will allow the user to continue entering passwords.

Provided a limit of attempts that is set to 10, after 7 and 8 consecutive incorrect password attempts,
the message “Brute Force detected! All data will be deleted.” will scroll across the screen. After
the 9th attempt, the message “Self Destruct will begin with next failed login” will scroll across the
screen.

Once the 10th consecutive incorrect password attempt has been made, the device will display
“Hack detected. All data has been deleted.” The device will then power off by pressing any
button. At this stage either the data and/or device has been destructed. If the data is the target

© 2021 DataLocker Inc. All rights reserved.

11

Summary of Contents for Sentry K350

Page 1: ...Sentry K350 hardware encrypted USB flash drive User Guide User Guide Sentry K350 FIPS 140 2 level 3 Common Critera Certified Encrypted USB Flash Drive 2021 DataLocker Inc All rights reserved 1 ...

Page 2: ...K350 features and configurations 7 Connect Selection Menu 7 Accessing the Configuration Menu 8 Change Password 9 Set User 9 SafeConsole 10 Self Destruct 11 Zeroize Drive 12 Strong Password 12 Password Length 12 Auto Lock Time 13 Read Only Mode 13 Keypad Preference 13 Registering Your K350 to SafeConsole 14 Using a SafeConsole Managed Device 15 Unlocking in SafeConsole Mode 15 Locking Your Managed ...

Page 3: ...Information 22 Formatting Your K350 23 Selecting the Correct File System 23 Formatting Your K350 on Windows 23 Formatting Your K350 on macOS 25 Linux Compatibility and Configuration 26 Product Specifications 28 Getting Help 28 Document Version 29 Notices 30 Disclaimer 30 Patents 30 FCC Information 30 2021 DataLocker Inc All rights reserved 3 ...

Page 4: ...and documentation are freely available for download at our website Latest device updates http datalocker com device updates Documentation and support https support datalocker com About the K350 The K350 is a password protected FIPS 140 2 Level 3 certified and Common Criteria cPP certified device1 encrypted USB drive featuring a screen that streamlines setup and operation If the K350 is centrally m...

Page 5: ...button to navigate all characters available on the button Pick a proper password Note Linear and repetitive passwords are not supported and passwords must contain a MINIMUM of 8 characters It is recommended that you use a combination of letters numbers and special characters for your password Some examples of invalid passwords are 78901234 43210987 12345678 1111111 2021 DataLocker Inc All rights r...

Page 6: ...if the device is managed by SafeConsole If the device is not man aged but there is both a Admin and User role active the Admin can assist the User to reset their password while retaining the stored data Only connect the K350 to USB ports The K350 draws the correct amount of current 50mA from the USB port to charge the integrated Lithium Ion battery even while in use If the battery within the devic...

Page 7: ... storage as read only to the host BOOT MODE Boot an installed operating system from the device storage MENU Access the Configuration Menu When the device is managed by SafeConsole the following two options may appear SAFECONSOLE See the section Unlocking in SafeConsole Mode STANDALONE If the SafeConsole administrator allows it the user can utilize Standalone Logins temporarily when unlocking on sy...

Page 8: ...options are displayed Configuration Menu Overview Menu Option Details Login Mode Change Password Change current login password USER ADMIN Set User Configure a user profile for use on your K350 ADMIN SafeConsole Used to enable SafeConsole functionality for your K350 ADMIN Self Destruct Used to configure self destruct counters and methods ADMIN Zeroize Drive Zeroize the device ADMIN Strong Password ...

Page 9: ...your K350 will force the user to create a user unlock password The user will use this password to unlock the device The K350 user has a limited feature set compared to the administrator see Configuration Menu Overview NOTE The User profile is not available if SafeConsole is enabled for your K350 Step by step Process to Set User 1 From the Configuration Menu select and confirm Set User 2 Select Ena...

Page 10: ...ode User enter and confirm the new User password Connect to confirm and access your data SafeConsole Available for ADMIN NOTE Once the device is connected to SafeConsole it will be permanently set to managed state It is not possible to return to an unmanaged state after the device once has become fully managed This option enables SafeConsole management for your K350 SafeConsole is a central manage...

Page 11: ...strator Password Deleted Deleted and K350 destroyed User Password Deleted and Disabled Deleted and K350 destroyed Configuration by administrator menus Kept Deleted and K350 destroyed 1 In the Configuration menu select Self Destruct confirm with Enter button 2 Select CHANGE or CANCEL to change the maximum allowed incorrect password entries the default is 10 3 Confirm with Enter button 4 Enter the n...

Page 12: ...ou will see Please initialize and reformat the drive confirm with Enter button to continue NOTE You must now follow the getting started process as shown in the Getting Started and the Formatting your K350 section of this manual Strong Password Available for ADMIN This feature allows the device administrator to enable the password requirement to be stronger than the default for both ADMIN and USER ...

Page 13: ...the Read Only Mode is enabled data can only be read from the K350 and no data can be written or modified To enable Read Only Mode follow these steps 1 Select Read Only Mode feature from the Configuration Menu confirm with Enter 2 Confirm Enable selection with Enter button The device goes back to the Configuration menu after the confirmation NOTE The administrator and the user can each set Read Onl...

Page 14: ...the SafeConsole administrator through the Quick Connect Guide and is usually sent via email Users without access to a Management Server please contact sales sales datalocker com 1 913 310 9088 1 Power on and unlock Select Connect Your K350 will show a Waiting prompt 2 On your computer double click the Unlocker CD drive under Devices and Drives 3 Upon launch the Device Setup screen should appear 4 ...

Page 15: ...ontrol Panel See Using a SafeConsole Man aged Device for more information NOTE The Unlocker client will generate a Password Recovery Code after your next device un lock It is recommended that your device be disconnected and reconnected to ensure your Password Recovery Code is saved to the SafeConsole Using a SafeConsole Managed Device Unlocking in SafeConsole Mode Once the K350 is registered to Sa...

Page 16: ... Icon in the system tray and click Lock Device 2 Unplug K350 NOTE Managed devices will automatically lock during use if an administrator remotely disables the device You will not be able to unlock the device until the SafeConsole administrator re enables the device The lock mechanism is forced and will not wait on the host system to release the device Setting your K350 to Automatically Lock You ca...

Page 17: ...o a Windows computer to check in To request Standalone logins perform the following steps on a workstation that has a valid con nection to the SafeConsole server 1 Unlock K350 and select Connect confirm with Enter button Your K350 will show a Waiting prompt 2 Select the option Unlocker exe inside of the Unlocker partition that can be found in File Ex plorer 3 Click the Unlock button shown on the D...

Page 18: ...Connect confirm with Enter button to utilize the secure partition NOTE This will decrease the Currently Available count of Standalone logins by one To continue to use your K350 in the normal SafeConsole mode select SafeConsole in step 2 Note The Currently Available number of Standalone logins will be reset to zero if a SafeConsole administrator remotely disables or factory resets your K350 Current...

Page 19: ...xample you cannot reformat the device or edit files on the drive To unlock your device in Read Only Mode through the Control Panel 1 Unlock K350 and select Connect confirm with Enter button Run the Unlocker exe 2 Check the Read Only Checkbox below the Unlock button 3 Click Unlock The DataLocker Control Panel will appear with the text Read Only Mode at the bottom To unlock the device in Read Only M...

Page 20: ...connection Ensure a minimum of 135 MB of free space on the device to accommodate the downloaded malware signature files Your first update may take a long time to download depending on your internet connection The date of the last update is displayed in the Control Panel If the scanner becomes too far out of date it will need to download a large file to bring it back up to date Restoring or Deletin...

Page 21: ...device access outside of the Trusted Zone or when offline To remove a trusted account simply highlight the account you wish to remove and click Remove Reformat Using DataLocker Control Panel Important Before you reformat the device back up your files to a separate location To reformat a device 1 Unlock your device and click Settings on the menu bar of the DataLocker Control Panel 2 Click Tools on ...

Page 22: ...ice Information Before Unlocking To see information about the device without logging into it power on your K350 Before entering the password press the Enter button Device information shown QR Code Serial Number Alpha numeric Serial Number Firmware Version Capacity Certification Logos Patent Information After Unlocking More information can be obtained after logging into the device and launching the...

Page 23: ... No file size limitations Cons Not supported by legacy operating systems FAT32 Pros Cross platform compatible Windows macOS and Linux Cons Limited individual file size of 4GB FAT32 is not available in DataLocker Control Panel for devices larger than 32GB but can still be achieved using the host menus NTFS Pros No file size limitations Cons Limited cross platform compatibility Windows macOS read on...

Page 24: ...hat corresponds to your K350 This example shows E If the drive is not showing up you may need to right click and initialize the drive first 7 Select Format 8 Choose an appropriate Volume Label and File system default from the factory is exFAT Click OK 2021 DataLocker Inc All rights reserved 24 ...

Page 25: ...finished your K350 will be available under This PC Formatting Your K350 on macOS 1 Go to Applications under your Finder 2 Click Utilities and open Disk Utility You will receive a warning message that the drive is not readable Click Ignore 3 Select the unformatted K350 disk 4 Click the Erase tab at the top of the screen 2021 DataLocker Inc All rights reserved 25 ...

Page 26: ...ve with Time Machine Choose your preferred option 8 Click Done Your formatted K350 should now appear under Devices Linux Compatibility and Configuration The K350 is platform independent capable of being run with 100 compatibility on most systems For optimal Linux or Unix based system compatibility we recommend using at least the Linux 2 6 31 Kernel released 9 September 2009 which implemented the x...

Page 27: ...tically mount To format the drive first enter terminal then list detected hard disks using fdisk l grep Disk Your configuration may vary For this example we ll assume the disk is at dev sdb You will then type fdisk dev sdb Follow the instructions in fdisk to create a new partition Finally use the mkfs command to format the disk for Linux Here we use ext4 mkfs ext4 dev sdb1 If you want to rename th...

Page 28: ...60 C Long Term Storage Temperature More than 1 week 20 C 40 C Warranty 3 years Limited Interface USB A 3 2 Advertised capacity is approximate Some space is required for onboard software Speed varies with host hardware software file system and usage Device should be completely dry before use Getting Help The following resources provide more information about DataLocker products Please contact your ...

Page 29: ... support firmware version 1 51 and device software version 6 5 The latest version of this document resides at https media datalocker com manuals k350 DataLocker_K350_User_Guide pdf This document was compiled on 29 Jul 2021 14 35 57 UTC GMT 0000 2021 DataLocker Inc All rights reserved 29 ...

Page 30: ...bject to the following two con ditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to part 15 of the FCC Rules These limits are designed to provide reasonable protection agains...

Reviews:

No comments

Brands by name

Popular brands

Load more brands