background image

PAGE  

IRONKEY USER GUIDE

Password Manager Protection

The IronKey Password Manager and 

my.ironkey.com

 work together, giving 

you the ability to back up your online passwords to your Online Security 

Vault at 

my.ironkey.com

. First, you must unlock your IronKey device, which 

requires two-factor authentication.  Your passwords are securely stored in 

a hidden hardware-encrypted area inside the device (not in the file sys

-

tem), being first locally encrypted with 256-bit AES, using randomly gener

-

ated keys encrypted with a SHA-56 hash of your device password.  All 

of this data is then doubly encrypted with 8-bit AES hardware encryp-

tion. This is the strongest password protection we have ever seen in the 
industry.

When you back up your passwords online, IronKey performs a complicat-

ed public key cryptography handshake with IronKey’s services using RSA 

048-bit keys.  After successful authentication, your encrypted block of 
password data is securely transmitted over SSL to your encrypted Online 
Security Vault within one of our highly-secure data facilities. 

IRONKEY SERVICES SECURITY

Secure Facilities

IronKey hosts its online services at state-of-the-art third-party data cen-

ter facilities. Physical access to the IronKey systems requires multiple lev-

els of authentication, including but not limited to hand geometry biomet-

ric readers, “man trap” entry, government-issued photo ID verifications 

and individual access credentials. Each data center facility is equipped with 
numerous surveillance cameras, motion detectors, and a sophisticated 

alarm system. The IronKey infrastructure resides in a secured cage. The 

entire facility is monitored by dedicated on-site security personnel on a 
4x basis. 

Secure Environments & Policies

Logical access to the IronKey environments is controlled by multiple lay-

ers of network technologies such as firewalls, routers, intrusion preven

-

tion systems and application security appliances. For additional protection, 

IronKey partitions its online services and backend applications into differ-
ent network segments with independent security rules and policies. 

Secure Communications & Data at Rest

When users access IronKey web sites and services, all information is ex-

changed over an encrypted channel. This is accomplished through Secure 

Socket Layer (SSL) and by utilizing VeriSign Secure Site and VeriSign Secure 
Site Pro certificates. To ensure additional security for its services, IronKey 
qualified for and is using Extended Validation SSL. The IronKey applica

-

tions encrypt all sensitive data prior to transmitting it within the IronKey 

network and storing in databases.

Summary of Contents for Personal Secure Flash Drive Personal

Page 1: ...PAGE IRONKEY USER GUIDE User Guide IronKey Personal Secure Flash Drive ...

Page 2: ...of dollars of development have gone into bringing this tech nology to you in the IronKey For a quick product overview you can also view our online demos at https www ironkey com demo We are very open to user feedback and would greatly appreciate hearing about your comments suggestions and experiences with the IronKey Standard Feedback feedback ironkey com Anonymous Feedback https www ironkey com f...

Page 3: ... a Mac InitializingYour IronKey on Linux Using the IronKey Unlocker on Linux Using the IronKey Control Panel Using the IronKeyVirtual Keyboard Using the Onboard Firefox Secure Sessions Service Using the IronKey Password Manager Using the Secure Backup Software Importing a Digital Certificate into the IronKey Using my ironkey com UsingYour IronKey in Read Only Mode Product Specifications What s Nex...

Page 4: ...h Drive Your IronKey can safely store 1 2 4 or 8 gigabytes of documents applica tions files and other data The IronKey Cryptochip inside the IronKey protects your data to the same level as highly classified government infor mation and it cannot be disabled or accidently turned off Self Destruct Sequence If the IronKey Cryptochip detects any physical tampering by a thief or a hacker it will self de...

Page 5: ...cure Sessions Service It can be easily toggled through the onboard Mozilla Firefox web browser Self Learning Password Management Securely store and back up all your online passwords as you go with the IronKey Password Manager It allows you to automatically log into your online accounts to avoid keylogging spyware and phishing attacks Online my ironkey com Account You can manage all of your IronKey...

Page 6: ...impossible to tamper with its protected data or reset the password counter If the Cryptochip detects a physical attack from a hacker it will destroy the encryption keys making the stored encrypted files inaccessible Up to 8 gigabytes of secure storage INCLUDES Flash Trash technology for complete data erasure SMART Stores data up to 10 times longer than ordinary flash drives RELIABLE Waterproof tam...

Page 7: ...rdware Additional Security Features USB command channel encryption to protect device communications Firmware and software securely updateable over the Internet Updates verified by digital signatures in hardware Physically Secure Solid rugged metal case Encryption keys stored in the tamper resistent IronKey Cryptochip All chips are protected by epoxy based potting compound Exceeds military waterpro...

Page 8: ...l access to the IronKey systems requires multiple lev els of authentication including but not limited to hand geometry biomet ric readers man trap entry government issued photo ID verifications and individual access credentials Each data center facility is equipped with numerous surveillance cameras motion detectors and a sophisticated alarm system The IronKey infrastructure resides in a secured c...

Page 9: ...rypted Tor circuit we can ensure that no one is injecting unwanted or malicious content into your online communications such as advertisements or spyware You are not assured this level of security with other publicly run exit nodes IronKey can also make sure that no exit node is redirecting your web traffic by providing addition DNS protections This anti pharming measure can also help mitigate phi...

Page 10: ...net connection for the online services Initializing Activatingyour Ironkey On Windows When you open the package you will find one IronKey Secure Flash Drive one lanyard and a Quick Start Guide Below is a brief description of the standard way of setting up an IronKey Step Description 1 Plug the IronKey into your Windows computer s USB port Your IronKey can be initialized on a Windows 2000 XP orVist...

Page 11: ...ate the file system for the secure volume and copy over secure applications and files to the secure volume 7 Activate your my ironkey com account my ironkey com is a secure site where you can man age your IronKey account and devices Accessing my ironkey com requires two factor authentication your IronKey and your password 8 Follow the onscreen directions to setup your my ironkey com account You wi...

Page 12: ...ter and double click on the IronKey drive Entering your password correctly which is verified in hardware will mount your secure volume with all your secure applications and files Entering the wrong password 10 consecutive times will permanently erase all of your data After every three attempts you must unplug and reinsert the IronKey 2 Choose which action to take when you unlock it By selecting th...

Page 13: ...D ROM You must start the IronKey Unlocker manually by going to IronKey Mac IronKey Unlocker and double click ing on the IronKey icon 3 Create your device password and a nickname for your IronKey Your password is case sensitive and must be 4 or more characters long The threat of brute force password attacks is removed by IronKey s self destruct feature 4 Agree to the License Agreement A screen with...

Page 14: ...nd reinsert the IronKey 2 Choose which action to take when you unlock it By selecting the corresponding checkbox before un locking your IronKey you can view your secure files 3 Locking unplugging the IronKey Clicking Lock Drive will exit open IronKey applica tions and lock the device It is then safe to unplug it from your computer Initializingyour Ironkey On Linux If you prefer to use a Linux comp...

Page 15: ...ng you to securely transfer files from and between Windows Mac and Linux computers You can use the other IronKey applications and services on a Windows computer Depending on your Linux distribution you may need root privileges to use the program iron key found in the Linux folder of the mounted virtual CD ROM If you have only one IronKey attached to the system simply run the program from a command...

Page 16: ...o not need to take any other action Also on 64 bit linux systems the 32 bit libraries will have to be installed in order to run the ironkey program 2 Mounting problems Make sure you have permissions to mount external SCSI USB devices Some distributions do not mount automatically and require the following command to be run mount dev name of the device media name of the mounted device The name of th...

Page 17: ...g and always on security 2 Updating device firmware soft ware The IronKey can securely update its software and firmware through signed updates that are verified in hardware This allows users to keep their devices up to date and protect themselves from future malware and online threats To check for available updates click the Check for Up dates button If an update is available you can choose to dow...

Page 18: ...Connection Does not use a proxy Use System Settings import the proxy settings from Windows Internet Options UseWPAD Enter the URL to where your Web Proxy Auto Detect file is located Manual Proxy Enter the URL and port number for your proxy server If proxy authentication is required you can enter your username and password in the appropriate fields 5 Creating a Lost Found Message This feature allow...

Page 19: ...king Lock Drive will exit open IronKey applica tions and lock the device It is then safe to unplug it from your computer Do not unplug your IronKey while applications are still running This could result in data corruption UsingThe IRONKEYVIRTUAL KEYBOARD Windows Only If you are using your IronKey on an unfamiliar computer and are concerned about keylogging and screenlogging spyware use the IronKey...

Page 20: ...clicked on If you do not wish to use this protection simple dis able it in the options menu next to the close button You can also have theVirtual Keyboard automatically launch when it encounters password fields This too is configured in the options menu UsingThe Onboard FIREFOX Secure Sessions Service Windows Since your IronKey comes with a Firefox web browser already onboard none of your cookies ...

Page 21: ...and ISPs You can check this out by going to a site such as whatismyip com or ipchicken com 3 Using the Secure Sessions Tools Network Map Bandwidth Meter and Changing Identities At any point while using Secure Sessions you can launch additional tools form the IronKey System Tray Menu that show you more information regarding your web traffic and current session The Network Map will show all of your ...

Page 22: ...ss and decrypt your passwords The IronKey Password Manager does not store your passwords in a file on the file system of the flash drive so malware will not be able to simple copy off your password database Step Description 1 Adding Portable Bookmarks To make a bookmark work in both the onboard Firefox and the local PC s Internet Explorer simply click the Add Website button on the IronKey Toolbar ...

Page 23: ... Manager automati cally fill in your webform data such as names phone numbers addresses credit card data and email ad dresses First set up this information by clicking on the Set tings button in the IronKey Toolbar Then to fill a webform simply click the Form Filler button 6 Generating strong and random passwords You can use the Password Generator located within the IronKey Control Panel to create...

Page 24: ...ing up your IronKey You can create an encrypted backup of a single file or your entire IronKey to your local comput er Click on the Secure Backup button in the IronKey Control Panel select a destination folder and select which files to back up It s that simple 2 Restoring encrypted backups If you ever lose your IronKey you can restore your data from an encrypted backup Open the Secure Backup clien...

Page 25: ...rd Firefox web browser The import process uses IronKey s PKCS 11 interface and requires Mozilla Firefox Note that there is only space for one additional private key in the IronKey Cryptochip though that key will receive the security benefits of the Cryptochip s tamperproof hardware and self destruct mechanisms Step Description 1 Open the onboard Firefox Click on the icon in the IronKey Control Pan...

Page 26: ... PKCS 12 format certificate file file extension will be p12 in UNIX Linux pfx in Windows 6 A window will appear ask ing you to confirm where to store the certificate Choose IronKey PKCS 11 7 Enter the password that was used to protect the certifi cate If no password was used sim ply leave the text field blank 8 Your certificate is now stored securely in the IronKey Cryptochip and is available for ...

Page 27: ... ironkey com by clicking the my ironkey com button in the IronKey Control Panel This will initiate a complex PKI handshake thus logging you in with strong multi factor authentication If you ever lose your IronKey you can log into Safe Mode by going to https my ironkey com log ging in the account credentials you created when you activated your account This will allow you to mark an IronKey as lost ...

Page 28: ...y email address gives you a fail safe in case your primary email address is no longer available In the event that you ever lose your IronKey or forget your IronKey device password you can still access the site in Safe Mode a restricted mode with limited functionality This is useful for marking your IronKey as lost or recovering a forgotten password Step Description 1 Go to https my ironkey com Her...

Page 29: ... you lock your IronKey Note that some features are not available in Read Only Mode because they require modifying files on your IronKey Examples of unavailable features include the onboard Firefox reformat ting updating and restoring applications and files to your IronKey and using the Applications List On Windows and Mac OS X Computers Step Description 1 When unlocking your IronKey select the Unl...

Page 30: ...cate Number 938 FIPS 186 2 Certificate Numbers 305 and 380 FIPS 197 Certificate Numbers 655 and 689 HARDWARE USB 2 0 High Speed USB 1 1 OS COMPATIBILITY Windows 2000 SP4 XP SP2 Vista IronKey Unlocker for Linux 2 6 x86 IronKey Unlocker for Mac 10 4 PPC and Intel Speeds tested with 4GB device in a laboratory environment with Iometer software Actual speeds may vary Advertised capacity is approximate ...

Page 31: ... and building the IronKey devices and online services A great deal of information can be found online on our websites forum ironkey com User forum with thousands of IronKeyologists www ironkey com General Information learn ironkey com Technical Information such as whitepapers FAQs support ironkey com Customer support information Who is the IronKey Team The IronKey Team consists of security fraud a...

Page 32: ...dental or consequential damages resulting from the furnishing or use of this material The information provided herein is subject to change without notice The information contained in this document represents the current view of IronKey on the issue discussed as of the date of publication IronKey can not guarantee the accuracy of any information presented after the date of publication This document...

Reviews: