Ironclad: A small, secure computer in your pocket
by Barton Gellman | November 17, 2010
One common challenge for the security-conscious is how to work with confidential data on the road. Sometimes you can't or don't want to bring your laptop. But using someone else's machine exposes you to malware and leaves all kinds of electronic traces. Even if you store your files on a portable drive, Windows will scatter pieces of them around the host PC — in temporary files, browser histories, the Windows registry, swap files, hibernation files, and memory dumps.
For digital self-defense, the ideal solution would put the brains of your own computer in your pocket. The idea is to boot a borrowed PC from a portable device that contains not just your data but your software and operating system. You bypass the host computer's hard drive and operating system but get to use its keyboard, mouse, and screen. There are several geeky ways to achieve this, and I'll cover them in the coming days. By far the most secure is a new commercial product called Ironclad, a rugged, encrypted thumb drive developed in partnership between IronKey and Lockheed Martin. The bad news is you probably can't get one. Ironclad is aimed at IT departments of large corporate networks, and the minimum purchase is 200 units. I thought I'd give you a tour of its features anyway because it strikes me as the new gold standard for portable data security. In a future post, I'll write about how you can emulate some of its most useful functions on the cheap.
The Ironclad is larger than an ordinary thumb drive (about 3" x 3/4" x 5/16"), with layers of epoxy under a solid metal case designed to resist tampering. It self-destructs silently but irreparably after ten wrong passwords. Encryption happens on a user-defined hardware chip, not in software. Its biggest selling point is that it can be used as a boot device on most modern PCs. (It won't work with a Mac.) Shut down the computer, plug in the Ironclad, and power the computer back on. Press a special key to enter the boot options, and soon you're running your own virtual computer on someone else's machine. No trace of your work is left behind because the host computer never knows you were there.
Lockheed uses a proprietary combination of Linux and VMware to do the magic work, but what you see in the end is your own Windows desktop, with your own applications and data. Corporate IT chiefs can load up Ironclads with their very own selection of software. The 16GB test unit Lockheed sent me came configured with Windows 7, Microsoft Office 2007, Acrobat Reader, and other standard tools. By design, it is impossible to install extra software. More than that, the Ironclad is designed to block any executable code that isn't on a specific "white list." I asked Lockheed to turn off that last function on my test unit and had no trouble running portable versions of Firefox, Thunderbird, Skype, and other programs incompatible with Ironclad's default settings.
Ironclad is faster than most thumb drives but much slower than an ordinary hard disk. Boot-up, application starts, and other Windows operations feel sluggish but still usable. Turning off Aero graphics in Windows 7 seemed to improve performance. (Right-click on the desktop, select personalize, scroll down, and choose one of the basic themes.)
The first test unit I got from Lockheed wouldn't connect to either my wired or wireless network. An updated version seemed to have the same problem, but I solved it by turning off a proxy server that was set by default. (In Internet Explorer: Tools... Internet Options... Connections... LAN Settings... uncheck the box marked Proxy Server.) After that, I had no trouble connecting to a wide range of home and office networks. Ironclad even mounted a network-attached hard drive without difficulty.
And yet… you might think twice about doing any of these things if you were carrying around your company's crown jewels. The whole point of Ironclad is to let you work inside a closed digital perimeter. As soon as you pierce it and connect to the Internet, your data becomes vulnerable to hacks and malware. The "white list" function reduces, but does not eliminate, that risk.
This is a very strong product, polished and well-thought-out, for those who need maximum security. That said, it is not easy to use. I assume it will require a great deal of technical support. The dependence on a borrowed computer means Ironclad must work out of the box with a potentially endless range of hardware and peripherals, and the results are unpredictable. Just to get started with Ironclad, you have to interrupt the standard boot sequence on the host computer. On a Dell machine, you do that by pressing the F12 function key. On a Lenovo laptop, it's the blue ThinkPad button. Other brands have other methods. Some computers may require a BIOS update before they can boot from Ironclad, and others are locked to block attempts to boot from — or even attach — an external device. This sort of limitation is especially likely in airports and hotel business centers, where travelers tend to look for temporary computers.
If you happen to start things, as I often do, Ironclad's strict security settings may prevent you from navigating the local network or installing drivers for a printer. (Even with reduced security settings, I was unable to install drivers for my Epson Workforce 610 printer at home.)
Bottom line: Ironclad is a valuable tool for security-conscious road warriors, and I would love to keep one in my kit bag, but I wouldn't count on it for access to computers on deadline. There are places where it simply won't work, and at those places, paradoxically, a decision to rely on Ironclad could expose you to greater risk. The worst of all worlds is to leave your secure laptop at home and entrust your secrets to an internet cafe.