IronKey Enterprise S200, Enterprise D200, Enterprise S100 User Manual

User Guide

IronKey Enterprise
Models: S200, S100, D200

PAGE 1IRONKEY ENTERPRISE USER GUIDE

Thank you for your interest in IronKey.

IronKey is committed to creating and developing
the best security technologies and making them
simple-to-use, affordable, and available to every­one. Years of research and millions of dollars of
development have gone into bringing this tech­nology to you in the IronKey.

For a quick product overview, you can also view
our online demos at https://www.ironkey.com/demo.

We are very open to user feedback and would
greatly appreciate hearing about your comments,
suggestions, and experiences with the IronKey.

Standard Feedback:

feedback@ironkey.com

Anonymous Feedback:

https://www.ironkey.com/feedback

User Forum:

https://forum.ironkey.com

PAGE 1IRONKEY ENTERPRISE USER GUIDE

CONTENTS

What is it? ................................................3

Meet the IronKey .......................................................3

Core Features..........................................................3

Device Diagrams .......................................................5

Technical and Security Notes ..............................................6

IronKey Device Security .................................................6

How does it work? .........................................8

Product Walkthrough ....................................................8

Activation and Initialization (Windows and Mac)..............................8

Using the IronKey Unlocker on Windows ...................................11

Using the IronKey Unlocker on a Mac .....................................11

Using the IronKey Unlocker on Linux .....................................12

Using the IronKey Control Panel (Windows and Mac) .........................14

Using the IronKey Virtual Keyboard (Windows Only) ..........................17

Using the Onboard Firefox and Secure Sessions Service (Windows Only) ..........18

Using the IronKey Identity Manager (Windows Only)..........................19

Using the Secure Backup Software (Windows Only) ..........................21

Using RSA SecurID on Your IronKey (Windows Only) ..........................22

Importing a Digital Certicate into the IronKey (Windows Only) .................23

Using my.ironkey.com (Windows and Mac) .................................25

Using Your IronKey in Read-Only Mode (Windows, Mac, Linux) ..................27

Using the IronKey Malware Scanner (Windows Only) .........................28

Product Specications...................................................30

What’s next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Where can I go for more info?............................................31

Who is the IronKey Team? ...............................................31

Contact Information ....................................................32

PAGE 2IRONKEY ENTERPRISE USER GUIDE

What is it?

Meet the IronKey

The IronKey Enterprise Secure Flash Drive, designed to be the world’s

most secure USB ash drive, protects your data, passwords, and Internet

privacy with some of today’s most advanced security technologies. Your
IronKey includes a suite of security software and online services, many
of which are described in this User’s Guide. Depending on how your

System Administrator has congured your IronKey, some of these features

might not be included on your IronKey.

Core Features

Hardware-Encrypted Flash Drive

Your IronKey can safely store 1, 2, 4, 8, 16, or 32 gigabytes of documents,

applications, les and other data. The IronKey Cryptochip inside
the IronKey protects your data to the same level as highly classied

government information and cannot be disabled or accidently turned off.

Self-Destruct Sequence

If the IronKey Cryptochip detects any physical tampering by a hacker, it
will self-destruct. Similarly, after too many consecutive invalid password
attempts

Anti-Malware Protection

Your IronKey helps protect you from many of the latest malware

threats targeting USB ash drives. It will prevent autorun execution of

unapproved programs, can be unlocked in a Read-Only Mode, and can
scan and clean malware from your IronKey with the IronKey Malware
Scanner.

your IronKey will self-destruct using ash-trash technology.

PAGE 3IRONKEY ENTERPRISE USER GUIDE

Simple Device Management

Your IronKey includes the IronKey Control Panel, a central launchpad for
launching your applications, editing your preferences, and safely locking
your IronKey.

Portable and Cross-Platform Data Access

The IronKey Unlocker allows you to access your encrypted les on

Windows 2000, XP, Vista, or 7, Mac OS X and numerous distributions of
Linux.

Secure Local Backup and Data Recovery

Securely back up the data on your IronKey using IronKey’s Secure Backup
software. It allows you to recover your data to a new IronKey in case your
IronKey is ever lost or stolen, or synchronize data between IronKeys.

Stealth Browsing Technology

Surf the Web safely and privately through almost any network, even across
unsecured wireless hotspots, with IronKey’s Secure Sessions Service. It
can be easily toggled through the onboard Mozilla Firefox web browser.

Self-Learning Password Management

Securely store and backup all your passwords as you go with the IronKey
Identity Manager. It allows you to automatically log into your applications
and online accounts to avoid keylogging spyware and phishing attacks.

Online Security Vault

If your IronKey is ever lost or stolen, you can easily restore your online
passwords from an encrypted online backup.

Waterproof and Tamper-Resistant

The IronKey was designed to survive the extremes. The IronKey’s rugged
encasing is injected with an epoxy compound that makes it not only
tamper-resistant, but waterproof to military specications (MIL-STD-810F).

Section 508 compliance

The IronKey Control Panel is Section 508 compliant. Users with
disabilities have keyboard navigation and screen reader support.

PAGE 4IRONKEY ENTERPRISE USER GUIDE

Rugged case

lled solid with epoxy

Multi-color LED

Device Diagrams

The IronKey has been designed from the ground up with security in mind.
A combination of advanced security technologies are used to ensure
maximum protection of your data. Additionally, the IronKey has been
designed to be physically secure, to prevent hardware-level attacks and
tampering, as well as to make the device rugged and long-lasting. You can
rest assured that your data is secured when you carry an IronKey.

Cap

Area to engrave
your name/code

Laser-engraved

unique serial number

(plus barcode on newer

devices)

USB 2.0

Connector

This IronKey Cryptochip is hardened against physical attacks such as

power attacks and bus snifng. It is physically impossible to tamper with

its protected data or reset the password counter. If the Cryptochip
detects a physical attack from a hacker, it will destroy the encryption keys,

making the stored encrypted les inaccessible.

PAGE 5IRONKEY ENTERPRISE USER GUIDE

Technical and Security Notes

We are endeavoring to be very open about the security architecture and
technology that we use in designing and building the IronKey devices and
online services. There is no hocus-pocus or handwaving here. We use
established cryptographic algorithms, we develop threat models, and we

perform security analyses (internal and third party) of our systems all the

way through design, development and deployment.

IRONKEY DEVICE SECURITY

Data Encryption Keys

» AES keys generated by onboard Random Number Generator
» AES keys generated by user at initialization time and encrypted
» AES keys never leave the hardware and are not stored in NAND ash

Self-Destruct Data Protection

» Secure volume does not mount until password is veried in hardware
» Password try-counter implemented in tamper-resistant hardware
» Once password try-count is exceeded, all data is erased by hardware

Additional Security Features

» USB command channel encryption to protect device communications
» Firmware and software securely updateable over the Internet
» Updates veried by digital signatures in hardware

Physically Secure

» Solid, rugged case
» Encryption keys stored in the tamper-resistant IronKey Cryptochip
» All chips are protected by epoxy-based potting compound
» Exceeds military waterproof standards (MIL-STD-810F)

Device Password Protection

The device password is hashed using salted SHA-256 before being
transmitted to the IronKey Secure Flash Drive over a secure and unique
USB channel. It is stored in an extremely inaccessible location in the

protected hardware. The hashed password is validated in hardware (there

is no “getPassword” function that can retrieve the hashed password), and
only after the password is validated is the AES encryption key unlocked.
The password try-counter is also implemented in hardware to prevent
memory rewind attacks. Typing your password incorrectly too many times

initiates a patent-pending “ash-trash” self-destruct sequence, which is run

in hardware rather than using software, ensuring the ultimate protection
for your data.

PAGE 6IRONKEY ENTERPRISE USER GUIDE

Identity Manager Protection

The IronKey Identity Manager and my.ironkey.com work together, giving
you the ability to back up your online passwords to your Online Security
Vault. First, you must unlock your IronKey device with your device
password. Your Identity Manager passwords are securely stored in a

hidden hardware-encrypted area inside the device (not in the le system),
being rst locally encrypted with 256-bit AES, using randomly generated

keys encrypted with a SHA-256 hash of your device password. All of
this data is then doubly encrypted with 128-bit or 256-bit AES hardware
encryption. This is the strongest password protection we have ever seen
in the industry.

When you back up your passwords online, IronKey performs a
complicated public key cryptography handshake with IronKey’s services
using RSA 2048-bit keys. After successful authentication, your encrypted
block of password data is securely transmitted over SSL to your
encrypted Online Security Vault.

Find more information at

https://support.ironkey.com

PAGE 7IRONKEY ENTERPRISE USER GUIDE

How does it work?

Product Walkthrough

Your IronKey Enterprise Secure Flash Drive consists of the following components:

» IronKey Unlocker (Windows, Mac and Linux)
» IronKey Control Panel (Windows and Mac)
» IronKey Virtual Keyboard (Windows only)
» Mozilla Firefox and IronKey’s Secure Sessions Service (Windows only)
» IronKey Identity Manager (Windows only)
» IronKey Secure Backup (Windows only)
» RSA SecurID (Windows only)
» my.ironkey.com (Windows and Mac)

NOTE: Your System Admin might not make all components available on your IronKey.

Standard Usage Requires:

» Windows 2000 (SP4), XP (SP2+), Vista, or 7, Mac 10.4+ or Linux (2.6+) computer
» A USB 2.0 port for high-speed data transfer
» An Internet connection for the online services
» An email from your System Admin with an Activation Code

ACTIVATION AND INITIALIZATION (WINDOWS AND MAC)

When you open the package, you will nd one IronKey Secure Flash Drive and a Quick Start

Guide. Below is a brief description of the standard way of setting up an IronKey:

NOTE: The Windows version of the IronKey Control Panel is shown.

# Step Description

1 Plug the IronKey into your

computer’s USB port.

Your IronKey can be activated and initialized on a

Windows (2000, XP, or Vista, or 7) or Mac (10.4+,

Intel) computer.

To use the full speed of the IronKey, plug it into a USB

2.0 port.

PAGE 8IRONKEY ENTERPRISE USER GUIDE

# Step Description

2 The “Activate Your IronKey”

screen appears.

The IronKey autoruns as a virtual CD-ROM.

Windows: This screen might not appear if your
computer does not allow devices to autorun. You
can start it manually by double-clicking the IronKey
Unlocker drive in “My Computer” and double-clicking

the “IronKey.exe” le.

Mac: Double-click the IronKey drive on your desktop,

and double-click the “IronKey” le.

NOTE: You can install the IronKey Auto-Launch
Assistant, which automatically opens the IronKey
Unlocker when you plug in an IronKey. See
“Preferences” in IronKey Control Panel Settings. (Mac
only)

3 Retrieve the email with your

Activation Code. Copy and paste
it into the IronKey window.

Your System Admin has setup your IronKey ahead of
time to abide by your organization’s security standards.
You will receive an email with an Activation Code that
is needed to use your IronKey.

Enter your email address and your Activation Code

into the elds provided on the IronKey window. Click

“Continue” when you are ready.

If your IronKey cannot connect to the Internet, click
“Edit Proxy Settings” to adjust its network settings.

4 Create a device password and a

nickname for your IronKey.

Since you can have multiple IronKeys associated
with one IronKey account, the nickname helps you
distinguish between different IronKey devices.

The threat of brute-force password attacks is removed
by the IronKey’s self-destruct feature. Your password
is case-sensitive and must match your organization’s
password policy.

5 Back up your password to your

online IronKey account

If enabled, you have the option to back up your
password online to your my.ironkey.com account. That
way, if you ever forget your password, your System
Admin can email you a reminder.

6 The IronKey initializes. During this process, it generates the AES encryption

keys, creates the le system for the secure volume,
and copies secure applications and les to the secure

volume.

PAGE 9IRONKEY ENTERPRISE USER GUIDE