Slashdot Mirror


User: AMuse

AMuse's activity in the archive.

Stories: 0 · Comments: 201

Comments · 201

  1. Re:Ironkey also supports Linux! on IronKey Unveils Self-Destructing USB Flash Drive · · Score: 1

    It's been a while since I spoke to their techies during my product evals, but as I understand it the drivers are loading and then encrypting the USB channel between the OS and the actual IronKey. They then accept your password and pass it to the key's cryptochip, which holds the keys that were generated during initialization, and decrypts/encrypts the data as it's leaving/entering the key (on the fly).

    The drivers also, of course, have to power the key generation process since you can always nuke a key and regenerate its keys.

    Finally, they do make a "Personal" and "Enterprise" product in addition to the Basic. In those models you get features like a hardened, privacy-tightened Firefox (for Win*) and, most important to me, remote management of the keys for your enterprise. Those kinds of advanced features do require drivers.

  2. Re:Ironkey also supports Linux! on IronKey Unveils Self-Destructing USB Flash Drive · · Score: 2, Informative

    It practically doubles the cost of the drive if you're a standalone user with no job involving computers; for me, it was very easy to go over to my officemate's desk and initialize it on his Windows machine.

    Also, I did a pretty good amount of work using the IronKey inside a VM. Using VMWare Fusion in MacOSX Leopard and a Windows XP VMWare image, I was able to mount the key inside the Windows image and do an initialization successfully. One thing I did notice was that when doing so, it would always unmount my ipod from the VM, which was a bit odd.

  3. Ironkey also supports Linux! on IronKey Unveils Self-Destructing USB Flash Drive · · Score: 4, Informative

    I'm using an Ironkey at work (have been for about 2 years now) and the thing has been rock solid. However, the main reason I selected it is that it's the only key that I've had the opportunity to trial which is both FIPS 140-2l2 compliant *AND* supports Linux.

    I use it with WinXP and MacOSX daily and yes, they do ship with "alpha" Linux drivers. Not full support like Win* but enough to read and write the encrypted data, which is all I really use.

    Although the company claims that you can now "initialize" a key on MacOS, all the versions I've used required an initial bootstrapping under Windows before being cross-platform usable.

  4. Re:The really real problem: no use of the thumbs on Lenovo Tinkers With Larger Delete and Escape Keys · · Score: 1

    Hi there! I've been using a Kinesis Advantage keyboard for years now for exactly the first reason you listed (very little use of thumbs). On the Advantage, your thumbs operate: Backspace, Delete, Space, Enter, Ctrl, Alt, PgUp and PgDn. It's fantastic, helped me speed up my typing speed and also cut the annoying wrist pain. (Note: I don't work for them, own stock in them or anything. I just really like the keyboard).

  5. Props to NASA too, for this! on FTC Shuts Down Calif. ISP For Botnets, Child Porn · · Score: 4, Interesting

    Yet another thing that NASA has done to help society, that people don't know. NASA's Inspector General (IG) played a large role in helping shut this den of crap down.

  6. Re:sure it is on College Police Think Using Linux Is Suspicious Behavior · · Score: 1

    >Hey, is it any surprise campus security are afraid of Command Line Interface Terrorism?

    Maybe I've been in IT too long, but automatically reading acronyms into anything with multiple capitals per word can be very amusing sometimes.

  7. Re:Why are they on the internet? on US Electricity Grid Reportedly Penetrated By Spies · · Score: 1

    Color coding is great, but you'll want to pick two colors which A) are easily distinguishable in low light situations (Blue/White) and B) are in combinations which people are unlikely to be color-blind (Red/White).

    Blue/Green is bad for both of those.

  8. Re:Easy 2 part solution on Vast Electronic Spying Operation Discovered · · Score: 1

    That's a remarkably simple solution!

    I'm interested but please elaborate a bit.

    1) Define "even vaguely sensitive" data. At which point does information universally become sensitive?
    1a) Of particular interest, at which point does NONsensitive information that is meant to be public become, in aggregate, sensitive?
    2) Define how the access is to be secured. By protocol would be helpful.
    3) Explain how the network of random proxies would be set up so as to obfuscate their government nature while thousands of government employees do their jobs via those links
    4) Define how government scientists and engineers, robotics specialists, munitions developers, etc would get their jobs done with no root access to their systems.
    5) Describe the code assurance program by which you would ensure that all code running on those systems had no backdoors

    Once you've got those details sufficiently mapped out, you can put together a white paper and begin proposing it to the NSA.

  9. Re:Where do they store 4.5TB off site on Internet Archive Gets 4.5PB Data Center Upgrade · · Score: 1

    One or two forklifts and one 18-wheeler. The data is already pre-packed in a shipping container.

  10. Re:Honorable Way Out for NASA on Colbert Wins Space Station Name Contest · · Score: 1

    You realize that "Serenity" was not put in place as one of the official names due to any SciFi connection, right, and that it's just coincidental that the name means anything to the SF fans.... right?

  11. Re:Lazy on What Filters Are Right For Kids? · · Score: 1

    I don't have mod points to mod you (-1, rant) so I'll just ask: Are you actually a parent and do you understand a parent's responsibility to their child?

    The OP seems to be doing a lot of things right to me. They're not asking for people to parent for them, they're asking other geeks (who may also be parents) for advice on how to protect the kid when they need to be protected -- so they can cut the kid loose when they're ready for that.

    "delegating your responsibilities to everyone besides yourself" would be saying "help, help, we need to ban porn on the internet because I have a kid".

    Anyway, get some Xanax or something and bring it down a notch.

  12. OTRS on Best FOSS Help Desk Software For Small Firms? · · Score: 2, Interesting

    I've had fantastic results using OTRS to support both research scientists in a professional organization (8 sysadmins, 350+ scientists), a web-based document repository with a few thousand users (And 2 support staff) and a volunteer parrot rescue with about 50 staff, hundreds of volunteers/adopters and 2 support techies.

    It's free, open source (LAMP) and having hacked at the source code I can say that it's VERY Solid and well-written Perl. With mod_perl2 even an older Linux box could handle the load.

  13. Re:Expert naval tactics on Superguns Helped Defeat the Spanish Armada · · Score: 1

    That was beautiful.

  14. Re:You don't need to. on How To, When You Have To Encrypt Absolutely Everything? · · Score: 1

    jotaeleemeese: You're correct that laptops (for large businesses and government) should be no more than thin clients nowadays in many cases - but the article is about "when you have to encrypt absolutely everything". The poster indicated ALL devices getting encryption, which would include desktops, USB keys, CD-ROM media, email and even servers if you took things that far!

    Keep in mind, requirements are king. If you have no sensitive data but require a lot of computing power on a workstation, encryption there doesn't make sense. You rob yourself of computing power for no security gain. That kind of balancing act is the core of what makes a good IT Security person.

  15. Re:"I don't know where my sensitive data is!" on How To, When You Have To Encrypt Absolutely Everything? · · Score: 1

    Excellent, thanks for the post! I hadn't used TrueCrypt in a good while so I am not up to date on their latest status. I'm still nervous about it in a large enterprise but I'd definitely run it through some more tests at this point.

  16. Re:"I don't know where my sensitive data is!" on How To, When You Have To Encrypt Absolutely Everything? · · Score: 1

    Well put; there are plenty of cases where the data is and should be "lose-able" and if you're doing proper backups that is even more driven home.

    Also, as an aside, thanks for the civilized and intelligent debate! That is getting much harder to find online these days. :)

  17. Re:"I don't know where my sensitive data is!" on How To, When You Have To Encrypt Absolutely Everything? · · Score: 1

    >Which is a pretty good idea. Page files, application-level caches, all this stuff muddles the water of where our sensitive data might be. And trusting employees to keep everything where it should be is just stupid. Even if they're smart guys, people make mistakes.

    I agree with you and full disk encryption CAN be a solution to the problems that confront some organizations. However the fact that it can be a solution doesn't mean that it is applicable universally, or is even the most appropriate solution. For example, would you mandate full disk encryption for the disks residing on a server? Why bother, if the server is in a secured area and is never "at rest".

    In any case, the shotgun approach is never the appropriate solution to not putting appropriate thought into the process which is what I most object to.

    >it doesn't make sense to go from there to, "encrypting everything doesn't make sense because it doesn't make you definitely safe." That argument leads to the inevitable conclusion that any security feature is unnecessary because, as you've said, nothing fits the bill.

    I would never suggest that, because as you've pointed out it's a slippery slope type fallacy. What I will say to clarify is that it is not an appropriate replacement for the risk analysis process, as it is often used.

    >Not really. Being able to access the data, and being able to carry the data out are two entirely different things. If your data is really important, and the computer holding the data isn't connected to the 'net, the insider doesn't have admin rights, and the usb ports are disabled to people without admin access...he could still break in and steal the hard drive. There's a reason to keep it encrypted.

    Well, when I say "if you have the key" I really mean, having the encryption key. Malicious insiders generally carry out data they've been given access to. Certainly espionage-wise, rival companies or governments are likely to target someone who already has access to the data they want, and get that person to be the leak. If a malicious insider is your threat, disk-at-rest encryption is not going to do much to mitigate that.

    >Yes, that's the type of question that he most definitely needs to deal with. But again, as long as they are looking into issues of that sort, and not just buying into what they think is instant security, there's absolutely no downside to encrypting everything.

    I wouldn't go so far as to say there's absolutely no downside to encrypting everything. All encryption has overhead - some products, significant overhead. Then there's either the extra expense of a key management strategy and team plus sysadmin overhead and labor OR the cost of losing data once something bad occurs and the data cannot be recovered.

    If his company does an accurate study into their risks and adopts mitigations for them, it might be the case that they only have a relatively minor pool of sensitive information that can be managed server-side through use of things like VMWare ACE, or Citrix, or ... insert appropriate technology here. If they're most worried about laptop/usb key loss then they can adopt things like safeboot or buy Ironkeys/Cruzers/etc.

    My main point is that encrypting everything has downsides and he needs to be sure they're worth the gain - the only way that can be done is through risk analysis.

  18. "I don't know where my sensitive data is!" on How To, When You Have To Encrypt Absolutely Everything? · · Score: 4, Insightful

    I see this directive a lot. It boils down to "We don't know where our sensitive data is, or don't trust our employees to keep it where it should be, so we're encrypting everything!".

    Most of the time when I see this, it's because the person making the directive is responsible for security in some manner but has no experience with risk management and mitigation, so they go for the "all out, definitely safe!" shotgun solution. The problem is there's no such thing!

    What risks are you actually attempting to mitigate through encrypting everything, and are you aware of the risks you are creating? These are questions the person who made the directive should be able to answer! For instance, if you are trying to mitigate the "PII/Lost Laptop" risk, why not implement drive encryption on laptops only, and buy USB sticks (such as Ironkey) which guarantee the encryption? If you're trying to stop a malicious insider, no amount of encryption will save you if they've been given the key.

    Finally as others suggested, what's your key management and password management strategy? I -love- truecrypt but I wouldn't suggest it for a whole enterprise without being able to answer the question "How do I recover the key to this workstation when the employee dies unexpectedly of a heart attack?".

    Best of luck in your endeavor but remember this rule: When it comes to implementing security, NEVER BE AFRAID TO ASK MORE QUESTIONS - especially about requirements.

  19. Re:Couple Makes Ultra Mobile, Ultra Agile Explorer on NASA Fashions Mountain-Climbing Robot · · Score: 1

    I appreciate your clarification, but surely you can see where I didn't read your initial comment that way? All it said was "get people to mars, assholes". Had you said "Fund NASA properly so they can get people to mars, assholes" I would've had a totally different read on your comment.

  20. Re:Couple Makes Ultra Mobile, Ultra Agile Explorer on NASA Fashions Mountain-Climbing Robot · · Score: 1

    >It looks like you're the one throwing the tantrum.

    >"Assholes" refers to the morons not properly funding NASA, as well as the morons allocating what funds there are toward any project that is not getting people to Mars.

    To a great extent, NASA may not have the authority NOT to allocate funds to any given project. The worth of the project notwithstanding (robotics work is critical for getting research and exploration done) a good number of projects are congressionally-mandated.

    Here is one of many articles detailing the problem: http://www.allbusiness.com/government/elections-politics-politics-political-parties/10237821-1.html

  21. Re:Couple Makes Ultra Mobile, Ultra Agile Explorer on NASA Fashions Mountain-Climbing Robot · · Score: 2, Interesting

    To follow up on my own comment (doh!) here is a link to a document detailing recommendations to the Obama administration for NASA.

    Right on schedule, a radical restructuring recommendation.

    I'm not commenting on the merits of this particular publication (could be great!!) but it certainly drives home the point I was making. It's hard to make progress on a 20 year program when your agency is radically "restructured" every 4 or 8 years.

  22. Re:Couple Makes Ultra Mobile, Ultra Agile Explorer on NASA Fashions Mountain-Climbing Robot · · Score: 5, Insightful

    sexconker: Have you ever seen that movie "UHF" by Weird Al Yankovic? Remember the scene where he walks in and says "Hi, I'm the new boss!" and the secretary screams at him? "OOOOOOOoh, It's kind of HARD to be PROMOTED when EVERY WEEK you have a new boss!".

    It feels a bit like being that secretary, to be working at NASA. Everyone thinks you can just "get people on mars already you assholes". Your budget is less than half of what's provided even to the federal highway administration who doesn't even have to leave our comfortable atmosphere to do their jobs. Hell, our budget this year is 0.009 percent of the cost of the two "stimulus packages" for banks and mortgage companies. That budget also must be split among your multiple "missions" - Science, Exploration, Aeronautics, etc. (By the way, robots play an important part in all of the missions, and researching them is critical).

    Finally, you have not one boss but 500 or so, each of whom has different priorities for you and concerns that you spend your limited budget in THEIR district (not where it might be most appropriate) and EVERY 4 (or 8) years you have a new boss with a radically different direction for the 20-year program you're supposed to be completing. By the way, they can issue a memo and, poof, it's federal law now.

    Sorry for going on a tangent but it really irritates me, comments like yours. There's plenty of valid criticisms for NASA that you could be throwing together in this topic and you chose a simplistic, uninformed and insulting tantrum.

  23. If it weren't for web-enabled apps... on The Case Against Web Apps · · Score: 4, Interesting

    I am the sole IT person for a nonprofit, volunteer animal rescue. They don't have any money to pay for professional staff (preferring to spend it on the animals instead).

    All of our IT tools (a wiki, a bird tracking database, OTRS, our website, a chat server, etc) are webapps.

    The type of people, for the most part, who are willing to volunteer to do animal rescue are not geeks, techies or even "power users". For a long time our animal tracking database was a client application. 75% of the volunteers had so much trouble figuring out how to INSTALL IT and connect it to our database (even with written instructions) that they didn't even use it, and had to ask others to do all their data entry for them.

    It got to the point that each adoption coordinator had to be set up with a technically astute "data entry buddy".

    Now that our bird database is a webapp, all the coordinators can use it, because they CAN navigate to a website and use the tool.

    So, yeah, there's a place for thick client apps too, but without webapps we'd be screwed.

  24. Re:without any humans ever having been involved on Using Speed Cameras To Send Tickets To Your Enemies · · Score: 1

    Wow, you appear to live very close to me as well! The intersection at Fair Oaks and the 101 South exit is HORRIBLE. I've written the city about it several times. In addition to short yellows, there is a serious bicycle safety issue.

    I ride my bicycle through that intersection in the mornings to work. There is NO guided-left turn for any of the 4-way intersection, yet the people taking a left from Fair Oaks to try to make the IMMEDIATE exit onto 101 pay no attention to right of way. I've almost been run into multiple times by folks who don't realize that traffic going STRAIGHT through the intersection have right of way over folks trying to make a left!

    I ended up altering my bike route to instead go over a pedestrian overpass and go an extra half-mile rather than continue risking that intersection.

    Of course, I never, ever heard back from the city.

  25. Re:Cheaper? on NASA Draws On Open Source For Shuttle Bug-Tracking · · Score: 1

    Labor, Labor, Labor.

    They're tying it into, and porting data from, dozens of disparate data sources - some old, some newer.

    Frankly with the cost of labor in the Silicon Valley area even in this economy, I'm shocked it cost that little.