Mulberry Holdall Tasker Mulberry Holdall Tasker panser en li

by marie4767 on 2012-03-05 16:32:50

**SecurityIronclad: A Small, Secure Computer in Your Pocket**

*By Barton Gellman | November 17, 2010 | + Tweet*

One common challenge for the security-conscious is how to work with confidential data while on the go. Sometimes you can't or don't want to bring your laptop. But using someone else's machine exposes you to malware and leaves all kinds of electronic traces. Even if you store your files on a portable drive, Windows will scatter pieces of them all over the borrowed PC—in temporary files, browser history, the Windows registry, swap files, hibernation files, and memory dumps.

For digital self-defense, the ideal solution would put the brain of your own computer in your pocket. The idea is to boot a borrowed PC from a portable device that contains not just your data but your software and operating system. You bypass the host computer's hard disk and operating system but get to use its keyboard, mouse, and screen. There are several nerdy ways to achieve this, and I'll cover them in the coming days. By far the most secure is a new commercial product called Ironclad, a rugged, encrypted thumb drive developed in partnership between IronKey and Lockheed Martin.

The bad news is that you probably can't get one. Ironclad is aimed at corporate IT departments, and the minimum purchase is 200 units. I thought it would be worth giving you a tour of its features anyway because it appears to me as the new gold standard for portable data security. In an upcoming post, I'll write about how you can replicate some of its most useful functions on the cheap.

(More on Techland: Is Google Launching Its Own Chrome OS Smartbook Soon?)

Ironclad is larger than a typical thumb drive (about 3" x 3/4" x 5/16"), with layers of epoxy under a solid metal casing designed to resist tampering. It self-destructs—silently but irreparably—after ten wrong passwords. Encryption happens on a user-defined hardware chip, not in software. The biggest selling point is that it can be used as a boot device on most modern PCs. (It won’t work with a Mac.) Turn off the computer, plug in Ironclad, and power the computer back on. Press a special key to access boot options, and soon you're running your own virtual computer on someone else's machine. No trace of your work is left behind because the borrowed computer never knows you were there.

Lockheed uses a proprietary combination of Linux and VMware to do the magic work, but what you see in the end is your own Windows desktop, with your own applications and data. Corporate IT managers can load up Ironclads with their own custom selection of software. The 16GB test unit Lockheed sent me was configured with Windows 7, Microsoft Office 2007, Acrobat Reader, and other standard tools. By design, it’s impossible to install extra software. More than that, Ironclad is designed to block any executable code that isn’t on a specific "whitelist." I asked Lockheed to disable that last feature on my test unit and had no problems running portable versions of Firefox, Thunderbird, Skype, and other software.

Ironclad is faster than most thumb drives but much slower than a regular hard disk. Boot-up, application launches, and other Windows operations feel sluggish but still usable. Turning off the fancy Aero graphics in Windows 7 seemed to improve performance. (Right-click on the desktop, select Personalize, scroll down, and choose one of the basic themes.)

(More on Techland: So When Is Apple Getting Rid of Hard Drives?)

The first test unit I got from Lockheed wouldn’t connect to my wired or wireless network. An updated version seemed to have the same problem, but I resolved it by turning off a proxy server that was set by default. (In Internet Explorer: Tools... Internet Options... Connections... LAN Settings... uncheck the Proxy Server box.) After that, I had no trouble connecting to a wide range of home and office networks. Ironclad even mounted a network-attached hard drive without issue.

And yet... you might want to think twice about doing any of these things if you're carrying around your company's crown jewels. The whole point of Ironclad is to let you work inside a closed digital perimeter. As soon as you open it up and connect to the internet, your data becomes vulnerable to hacks and malware. The "whitelist" feature reduces but does not eliminate that risk.

This is a very strong product, polished and well-thought-out for those who need maximum security. That said, it’s not easy to use. I suspect it will require a lot of technical support. The reliance on a borrowed computer means Ironclad has to work out of the box with a potentially endless range of hardware and peripherals, and results are unpredictable. Just to get started with Ironclad, you have to interrupt the standard boot sequence on the host computer. On a Dell machine, you do this by pressing the F12 function key. On a Lenovo laptop, it’s the blue ThinkPad button. Other brands have other methods. Some computers may require a BIOS update before they can boot from Ironclad, and others are locked to block attempts to boot—or even attach—an external device. This kind of restriction is especially likely in airport and hotel business centers, where travelers tend to look for temporary computers.

If you try to start things the way I usually do, Ironclad’s strict security settings may prevent you from navigating the local network or installing drivers for a printer. (Even with lowered security settings, I couldn’t install drivers for my Epson WorkForce 610 printer at home.)

Bottom line: Ironclad is a valuable tool for security-conscious road warriors, and I’d love to keep one in my kit bag, but I wouldn’t count on it for accessing computers on deadline. There are places where it simply won’t work, and at those places, paradoxically, a decision to rely on Ironclad could expose you to greater risk. The first rule of all worlds is to leave your secure laptop at home and entrust your secrets to an internet café.