IRONKEY Enterprise User Guide Models S200, S100 D200 IRONKEY ENTERPRISE USER GUIDE PAGE 1
Thank you for your interest in IronKey. IronKey is committed to creating and developing the best security technologies and making them simple-to-use, affordable, and available to everyone. Years of research and millions of dollars of development have gone into bringing this technology to you in the IronKey. For a quick product overview, you can also view our online demos at https://www.ironkey.com/demo.
CONTENTS What is it? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Meet the IronKey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Core Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Device Diagrams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
What is it? Meet the IronKey The IronKey Enterprise Secure Flash Drive, designed to be the world’s most secure USB flash drive, protects your data, passwords, and Internet privacy with some of today’s most advanced security technologies. Your IronKey includes a suite of security software and online services, many of which are described in this User’s Guide. Depending on how your System Administrator has configured your IronKey, some of these features might not be included on your IronKey.
Simple Device Management Your IronKey includes the IronKey Control Panel, a central launchpad for launching your applications, editing your preferences, and safely locking your IronKey. Portable and Cross-Platform Data Access The IronKey Unlocker allows you to access your encrypted files on Windows 2000, XP, Vista, Mac OS X and numerous distributions of Linux. Secure Local Backup and Data Recovery Securely back up the data on your IronKey using IronKey’s Secure Backup software.
Device Diagrams The IronKey has been designed from the ground up with security in mind. A combination of advanced security technologies are used to ensure maximum protection of your data. Additionally, the IronKey has been designed to be physically secure, to prevent hardware-level attacks and tampering, as well as to make the device rugged and long-lasting. You can rest assured that your data is secured when you carry an IronKey.
Technical and Security Notes We are endeavoring to be very open about the security architecture and technology that we use in designing and building the IronKey devices and online services. There is no hocus-pocus or handwaving here. We use established cryptographic algorithms, we develop threat models, and we perform security analyses (internal and third party) of our systems all the way through design, development and deployment.
Identity Manager Protection The IronKey Identity Manager and my.ironkey.com work together, giving you the ability to back up your online passwords to your Online Security Vault. First, you must unlock your IronKey device with your device password. Your Identity Manager passwords are securely stored in a hidden hardware-encrypted area inside the device (not in the file system), being first locally encrypted with 256-bit AES, using randomly generated keys encrypted with a SHA-256 hash of your device password.
How does it work? Product Walkthrough Your IronKey Enterprise Secure Flash Drive consists of the following components: » IronKey Unlocker (Windows, Mac and Linux) » IronKey Control Panel (Windows and Mac) » IronKey Virtual Keyboard (Windows only) » Mozilla Firefox and IronKey’s Secure Sessions Service (Windows only) » IronKey Identity Manager (Windows only) » IronKey Secure Backup (Windows only) » RSA SecurID (Windows only) » my.ironkey.
# Step 2 The “Activate Your IronKey” screen appears. Description The IronKey autoruns as a virtual CD-ROM. Windows: This screen might not appear if your computer does not allow devices to autorun. You can start it manually by double-clicking the IronKey Unlocker drive in “My Computer” and double-clicking the “IronKey.exe” file. Mac: Double-click the IronKey drive on your desktop, and double-click the “IronKey” file.
# Step 7 Set up your personalized login information for your my.ironkey.com account by clicking the “Login to my.ironkey.com” button. Description If enabled, you continue the setup process online. my.ironkey.com is a secure site where you can manage your IronKey account and devices. Accessing my.ironkey.com requires two-factor authentication (your IronKey and your password). 8 Follow the onscreen directions to Depending on your organization’s settings, you setup your my.ironkey.com account.
USING THE IRONKEY UNLOCKER ON WINDOWS The IronKey Unlocker allows you to securely access your files on multiple operating systems. It prompts you for your password, securely validates it, and then mounts your secure volume where all of your files are stored on the IronKey. Here is how to unlock your IronKey on Windows 2000 (SP4), XP (SP2+), and Vista: # Step 1 Plug in your IronKey and unlock it with your password. Description When you plug your IronKey in, the “Unlock Your IronKey” window appears.
# Step 3 Unlock it with your password. Description Entering your password correctly (which is verified in hardware) will mount your secure volume with all your secure files. Entering the wrong password too many times will permanently erase all of your data. After every three attempts, you must unplug and reinsert the IronKey. NOTE: Some operations require that your IronKey connect to the Internet before unlocking.
Please note the following important details for using your IronKey on Linux: 1. Kernel Version must be 2.6 or higher If you compile your own kernel, you must include the following in it: » DeviceDrivers->SCSIDeviceSupport-><*>SCSICDROMSupport » DeviceDrivers-><*> Support for Host-side USB » DeviceDrivers-><*> USB device filesystem » DeviceDrivers-><*> EHCI HCD (USB 2.
USING THE IRONKEY CONTROL PANEL (WINDOWS AND MAC) The IronKey Control Panel is a central location for: » Launching secure applications » Securely logging into my.ironkey.com » Configuring your IronKey settings » Updating your device » Changing your IronKey password » Safely locking your device » Getting online help Most of the Control Panel’s options are located in the “Settings” menu. NOTE: The Windows version of the IronKey Control Panel is shown.
# Step 3 Configuring your preferences Description Click “Settings” to configure your preferences. » You can enable the Identity Manager. » You can enable Secure Sessions. » Select the default web browser for your IronKey. » You can set a device time-out to automatically lock your IronKey after a specified period of inactivity. » You can install the IronKey Auto-Launch Assistant, which automatically opens the IronKey Unlocker when you plug in an IronKey.
# Step 7 Viewing device details Description You can view details about your device, including model number, serial number, software and firmware version, secure files drive, and OS. You can also click the copy button (CTRL+C) to copy device details to the clipboard for your forum posting or support request; visit the website (CTRL+W); or view legal notices (CTRL+N) and certifications (CTRL+?).
USING THE IRONKEY VIRTUAL KEYBOARD (WINDOWS ONLY) If you are using your IronKey on an unfamiliar computer and are concerned about keylogging and screenlogging spyware, use the IronKey Virtual Keyboard, which helps protects your passwords by letting you click out letters and numbers. The underlying techniques in the IronKey Virtual Keyboard will bypass many trojans, keyloggers, and screenloggers.
USING THE ONBOARD FIREFOX AND SECURE SESSIONS SERVICE (WINDOWS) If enabled, a Firefox web browser is already onboard your IronKey, so none of your cookies, history files, bookmarks, add-ons or online passwords is stored on the local computer. Now you can carry your personalized web experience with you to other computers without worry.
USING THE IRONKEY IDENTITY MANAGER (WINDOWS ONLY) The IronKey Identity Manager, if enabled, securely stores and uses many of your most important identity credentials, including login information and one-time passwords to applications and online accounts. With a click of a button, it automatically launches a specified application, fills in your username and password, and then logs you in. It can even generate strong passwords for you, so that you can really lock down your important accounts.
# Step 2 Automatically logging into an account 3 Editing/deleting logins and accounts 4 Backing Up and Restoring Identity Manager Data 5 Locking down accounts with VeriSign’s VIP Service 6 Generating strong and random passwords 7 Modifying the Identity Manager Settings IRONKEY ENTERPRISE USER GUIDE Description The next time you return to a website or application for which you have stored a password, your login automatically fills in for you.
USING THE SECURE BACKUP SOFTWARE (WINDOWS ONLY) If your IronKey is lost or stolen, you have peace of mind knowing that your confidential information cannot be seen by anyone but you. And getting your data back is simple with IronKey’s Secure Backup software, which, if enabled, securely restores your data to a new IronKey. Back up your data on a regular basis.
USING RSA SECURID ON YOUR IRONKEY (WINDOWS ONLY) If enabled, your IronKey can provide additional strong authentication capabilities by generating RSA SecurID one-time passwords. Your System Administrator provides a file to import your tokens and is likely to import your tokens for you. # Step 1 Open the RSA SecurID application. Description Click the icon in the IronKey Control Panel’s application list. 2 Import a .stdid file. This might be done by your System Admin for you. 1. Click the “Options” button.
IMPORTING A DIGITAL CERTIFICATE INTO THE IRONKEY (WINDOWS ONLY) The IronKey Cryptochip includes a limited amount of extremely secure hardware storage space, which can be used for storing the private key associated with a digital certificate. This provides you with additional strong authentication capabilities. For example, you could store a self-signed certificate used for internal systems that will allow you to automatically log in when using the IronKey’s onboard Firefox web browser.
# Step Description 4 Note that IronKey’s certificate is available here. Now you can add your own. Click the “Import” button. 5 Browse to the PKCS#12You will be prompted for the location of the PKCS#12format certificate file and format certificate file (file extension will be .p12 in UNIX/ open it. Linux, .pfx in Windows). 6 A window appears asking you to confirm where to store the certificate. Choose “IronKey PKCS#11” 7 Enter the password that was used to protect the certificate.
USING MY.IRONKEY.COM (WINDOWS AND MAC) NOTE: Depending on how your System Administrator has configured your IronKey, you might not have an online IronKey account, and this section might not apply to you. Your IronKey supports advanced cryptographic authentication using strong PKI key pairs generated in the IronKey Cryptochip. When you log into my.ironkey.com from your device, it uses these unique keys as your digital identity credentials.
# Step 5 Monitoring account activities 6 Enabling Account Alerts for real-time account monitoring 7 Changing account credentials Description The Account Dashboard shows you the recent activities on your account, such as logins, failed password attempts, and when your device password has been recovered. You can enable a number of Account Alerts for additional insight into what activities are occurring on your my.ironkey.com account.
USING YOUR IRONKEY IN READ-ONLY MODE (WINDOWS, MAC, LINUX) You can unlock your IronKey in a read-only state such that files on your IronKey cannot be edited. An example of when this is useful is when you want to access a file on your IronKey while using an untrusted or unknown computer. If you unlock your IronKey in Read-Only Mode, you need not fear that malware on that machine can infect your IronKey or modify your files.
USING THE IRONKEY MALWARE SCANNER (WINDOWS ONLY) Normal flash drives can inadvertently spread malware from one computer to another.
# Step 3 The IronKey Malware Scanner will automatically scan your IronKey, including onboard files (compressed and uncompressed files) and any running system processes. 4 The IronKey Malware Scanner will report and clean any malware that is found. 5 You can also scan your computer drives by selecting the drive you would like to scan from the IronKey Malware Scanner system tray menu. Description A window opens in the background that shows you the scanning progress.
Product Specifications For details about your device, see “About IronKey” in IronKey Control Panel Settings. CAPACITY* Up to 32GB, depending on the model DIMENSIONS 75mm X 19mm X 9mm WEIGHT 0.8 oz WATERPROOF MIL-STD-810F OPERATING TEMPERATURE 0C, 70C OPERATING SHOCK 16G rms ENCRYPTION Hardware: 256-bit AES (Models S200, D200), 128-bit AES (Model S100) Hashing: 256-bit SHA PKI: 2048-bit RSA FIPS CERTIFICATIONS See www.ironkey.com for details. HARDWARE USB 2.0 (High-Speed) port recommended, USB 1.
What’s next? In many ways, that’s up to you. We are focused on building not only the world’s most secure flash drive, but also enabling technologies that are simple and enjoyable to use. Your feedback really matters to us, and we carefully review all feature requests and customer feedback for prioritization of our next great features and products. Have a cool idea or suggestion? Please let us know. You can open a thread on the IronKey Forum (forum.ironkey.com) or submit feedback to feedback@ironkey.com.
Contact Information Product Feedback feedback@ironkey.com Feature Requests featurerequest@ironkey.com IronKey Online Support https://my.ironkey.com For support, please contact your https://learn.ironkey.com Helpdesk or System Admin https://support.ironkey.com https://forum.ironkey.
