User Guide IronKey Enterprise Secure Flash Drive IRONKEY ENTERPRISE USER GUIDE PAGE
Thank you for your interest in IronKey. IronKey is committed to creating and developing the best security technologies and making them simple-to-use, affordable, and available to everyone. Years of research and millions of dollars of development have gone into bringing this technology to you in the IronKey. For a quick product overview, you can also view our online demos at https://www.ironkey.com/demo.
CONTENTS What is it? Meet the IronKey Enterprise Core Components Device Diagrams Technical & Security Notes IronKey Device Security 3 3 3 5 6 6 How Does it Work? Product Walkthrough Activation and Initialization Using the IronKey Unlocker on Windows Using the IronKey Unlocker on a Mac Using the IronKey Unlocker on Linux Using the IronKey Control Panel Using the IronKey Virtual Keyboard Using the Onboard Firefox & Secure Sessions Service Using the IronKey Password Manager Using the Secure Backup Software U
What is it? Meet the IronKey The IronKey Enterprise Secure Flash Drive, designed to be the world’s most secure USB flash drive, protects your data, passwords, and Internet privacy with some of today’s most advanced security technologies. Your IronKey includes a suite of security software and online services, many of which are described in this User’s Guide. Depending on how your System Administrator has configured your IronKey, some of these features may not be included on your IronKey.
Simple Device Management Your IronKey includes the IronKey Control Panel, a central launchpad for launching your applications, editing your preferences, and safely locking your IronKey. Portable & Cross-Platform Data Access The IronKey Unlocker allows you to access your encrypted files on Windows 2000, XP, Vista, Mac OS X and numerous distributions of Linux. Secure Local Backup & Data Recovery Securely back up the data on your IronKey using IronKey’s Secure Backup software.
Device Diagrams The IronKey has been designed from the ground up with security in mind. A combination of advanced security technologies are used to ensure maximum protection of your data. Additionally, the IronKey has been designed to be physically secure, to prevent hardware-level attacks and tampering, as well as to make the device rugged and long-lasting. You can rest assured that your data is secured when you carry an IronKey.
Technical & Security Notes We are endeavoring to be very open about the security architecture and technology that we use in designing and building the IronKey devices and online services. There is no hocus-pocus or handwaving here. We use established cryptographic algorithms, we develop threat models, and we perform security analyses (internal and third party) of our systems all the way through design, development and deployment. Your IronKey is FIPS 140-2 Level 2 validated (Certificate #938).
Password Manager Protection The IronKey Password Manager and my.ironkey.com work together, giving you the ability to back up your online passwords to your Online Security Vault. First, you must unlock your IronKey device, which requires twofactor authentication. Your passwords are securely stored in a hidden hardware-encrypted area inside the device (not in the file system), being first locally encrypted with 256-bit AES, using randomly generated keys encrypted with a SHA-256 hash of your device password.
How does it work? Product Walkthrough Your IronKey Enterprise Secure Flash Drive consists of the following components: » IronKey Unlocker (Windows, Mac and Linux) » IronKey Control Panel (Windows only) » IronKey Virtual Keyboard (Windows only) » Mozilla Firefox & IronKey’s Secure Sessions Service (Windows only) » IronKey Password Manager (Windows XP & Vista only) » IronKey Secure Backup (Windows only) » RSA SecurID (Windows only) » my.ironkey.
3 Retrieve the email with your Your System Admin has setup your IronKey ahead of Activation Code. Copy and paste time to abide by your organization’s security standards. it into the IronKey window. You will receive an email with an Activation Code that is needed to use your IronKey. Enter your email address and your Activation Code into the fields provided on the IronKey window. Click ‘Continue’ when you are ready. 4 Create a device password and a nickname for your IronKey.
Using the IronKey UNLOCKER on Windows The IronKey Unlocker allows you to securely access your files on multiple operating systems. It prompts you for your password, securely validates it, and then mounts your secure volume where all of your files are stored on the IronKey. Here is how to unlock your IronKey on Windows 2000 (SP4), XP (SP2), and Vista: 1 Step Plug in your IronKey and unlock it with your password.
2 3 Choose which action to take when you unlock it. By selecting the corresponding checkbox before unlocking your IronKey, you can view your secure files and/or unlock your IronKey in Read-Only Mode. Locking & unplugging the IronKey Clicking “Lock Drive” will exit open IronKey applications and lock the device. It is then safe to unplug it from your computer.
Please note the following important details for using your IronKey on Linux: 1. Kernel Version must be 2.6 or higher If you compile your own kernel, you must include the following in it: » DeviceDrivers->SCSIDeviceSupport-><*>SCSICDROMSupport » DeviceDrivers-><*> Support for Host-side USB » DeviceDrivers-><*> USB device filesystem » DeviceDrivers-><*> EHCI HCD (USB 2.
Using the IronKey Control Panel (Windows Only) The IronKey Control Panel is a central location for: » Launching secure applications » Securely logging into my.ironkey.com » Configuring your IronKey settings » Updating your device » Changing your IronKey password » Editing Password Manager data » Safely locking your device » Getting online help Most of the Control Panel’s options are located in the “Settings” menu.
3 Configuring device settings The Settings menu allows you to configure preferences to your liking, such as: » Enabling/Disabling the Password Manager » Enabling/Disabling the Secure Sessions » Configuring Password Manager options » Select which web browser your IronKey should use As well as some important drive maintenance features: » Reformatting your secure volume » Restoring your IronKey applications if they are 4 Configure your IronKey’s network and proxy settings erased or corrupted Click on Net
7 Adding, renaming, and removing applications to the Applications List To manage the items in the Application List of the IronKey Control Panel, simply right-click anywhere in Application List. A menu will appear allowing you to: 1. Browse to a new application to add it to the list 2. Rename existing applications in the list 3. Delete an application from the list 4. Modify the way the list is presented Please note that: » Items in the list are shortcuts to actual files.
Step 1 Click the IronKey Virtual Keyboard icon. Description The IronKey Virtual Keyboard will appear. Alternatively, you can press CTRL + ALT + V 2 Click on the keys to type out your password. Click on ‘Enter’ when you are finished. 3 You can optionally click the “Randomize” button to randomize where the keys are. This helps protect against screenloggers.
2 Toggle Secure Sessions for secure If enabled, clicking the IronKey button on the bottom and private surfing right of the onboard Firefox will silently turn IronKey’s Secure Sessions Service on/off. This will create an encrypted tunnel directly from your IronKey, out to a secured IronKey web server, where it is then decrypted and sent out to the destination site.
Using The IronKey Password Manager (Windows XP & Vista Only) The IronKey Password Manager, if enabled, connects to the onboard Firefox browser, or to Internet Explorer (versions 6 or 7) on your computer, automatically filling in your saved passwords so you can log directly into your online accounts. The IronKey Password Manager can securely store your sensitive online identity information, including usernames, passwords, credit card numbers and addresses.
3 Editing/deleting logins and Portable Bookmarks You can manage your Password Manager accounts from within the IronKey Control Panel. Each website will have a set-able name, a URL, a username (logins only), and a password (logins only). Your passwords are not shown unless you click the “Show” checkbox. 4 Backing Up and Restoring Password Manager Data You can securely back up your encrypted Password Manager data to your Online Security Vault.
Using The Secure Backup Software (Windows only) If your IronKey is lost or stolen, you have peace of mind knowing that your confidential information cannot be seen by anyone but you. And getting your data back is simple with IronKey’s Secure Backup software, which, if enabled, securely restores your data to a new IronKey. Back up your data on a regular basis.
Using RSA SecurID on your IRONKEY (WINdows Only) If enabled, your IronKey can provide additional strong authentication capabilities by generating RSA SecurID one-time passwords. Your System Administrator will need to provide a file to import your token(s) and will likely be the one importing your tokens. Step 1 Open the RSA SecurID application Description Click on the icon in the IronKey Control Panel’s application list. 2 Import a .stdid file. This may be done by your System Admin for you. 1. 2. 3. 4.
IMPORTING a Digital Certificate into the Ironkey (Windows Only) The IronKey Cryptochip includes a limited amount of extremely secure hardware storage space, which can be used for storing the private key associated with a digital certificate. This provides you with additional strong authentication capabilities. For example, you could store a self-signed certificate used for internal systems that will allow you to automatically log in when using the IronKey’s onboard Firefox web browser.
4 Note that IronKey’s certificate is available here. Now you can add your own. Click the ‘Import’ button. 5 Browse to the PKCS#12-for- You will be prompted for the location of the PKCS#12mat certificate file and open it. format certificate file (file extension will be .p12 in UNIX/ Linux, .pfx in Windows). 6 A window will appear asking you to confirm where to store the certificate. Choose “IronKey PKCS#11” 7 Enter the password that was used to protect the certificate.
Using my.ironkey.com (Windows OnlY) NOTE: Depending on how your System Administrator has configured your IronKey, you many not have an online IronKey account, and this section may not apply to you. Your IronKey supports advanced cryptographic authentication using strong PKI key pairs generated in the IronKey Cryptochip. When you log into my.ironkey.com from your device, it uses these unique keys as your digital identity credentials.
5 Monitoring account activities 6 Enabling Account Alerts for real-time account monitoring 7 Changing account credentials The Account Dashboard shows you the recent activities on your account, such as logins, failed password attempts, and when your device password has been recovered. You can enable a number of Account Alerts for additional insight into what activities are occurring on your my.ironkey.com account.
Using your IronKey in Read-Only Mode (Windows, Mac, Linux) You can unlock your IronKey in a read-only state such that files on your IronKey cannot be edited. An example of when this is useful is when you want to access a file on your IronKey while using an untrusted or unknown computer. If you unlock your IronKey in Read-Only Mode, you need not fear that malware on that machine will infect your IronKey or modify your files.
Using the IronKey Malware Scanner (Windows Only) Normal flash drives can inadvertently spread malware from one computer to another.
3 The IronKey Malware Scanner will automatically scan your IronKey, including onboard files (compressed and uncompressed files) and any running system processes. 4 The IronKey Malware Scanner will report and clean any malware that is found. 5 You can also scan your computer drives by selecting the drive you would like to scan from the IronKey Malware Scanner system tray menu. A window opens in the background that shows you the scanning progress.
Product Specifications CAPACITY* 1GB, 2GB, 4GB, 8GB SPEED* Up to 30 MB per second read speed Up to 20 MB per second write speed DIMENSIONS 75mm X 19mm X 9mm WEIGHT 0.
What’s next? In many ways, that’s up to you. We are focused on building not only the world’s most secure flash drive, but also enabling technologies that are simple and enjoyable to use. Your feedback really matters to us, and we carefully review all feature requests and customer feedback for prioritization of our next great features and products. Have a cool idea or suggestion? Please let us know. You can open a thread on the IronKey Forum (forum.ironkey.com) or submit feedback to feedback@ironkey.com.
Contact Information Product Feedback feedback@ironkey.com Feature Requests featurerequest@ironkey.com IronKey Online Support https://my.ironkey.com For support, please contact your https://learn.ironkey.com Helpdesk or System Admin https://support.ironkey.com https://forum.ironkey.