Hello, I use the Ironkey. Since it is done at the hardware level, it is one of the few solutions that I have seen that ensures the data is encrypted (no messing around with setting up encrypted partitions inside the key). Also since it is hardware based it can be used on machines where the user does not have local administrator rights (Truecrypt - at least the last time I evaluated it - requires usb drive users to have administrator rights on the machine to mount the encrypted volume). It works on XP, Vista, MAC, and Linux. It is very easy for the end-user to use. Simply double click on the executable (you can put a shortcut on the desktop to make easier), and the password prompt will appear (if autorun is on - which it should not be in a secure environment! - the prompt will appear as soon as they insert the key). It is a bit on the pricey side though.
The upcoming Windows 7 has an interesting feature that you may also want to look into (if you do not want to pay the premium for Ironkey). Bitlocker to go. It is supposed to extend Bitlocker encryption to removable devices. It is also supposed to have group policy extensions to enforce removable devices to use it (or render them read-only if they don't). I believe that it will be readable on XP, Vista, and 7. I don't know if the data will be readable on non-Windows machines so it may not be an option for those users that also use or need to access the data on non-Windows machines. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Saturday, May 16, 2009 8:04 AM To: PaulDotCom Security Weekly Mailing List Subject: [Pauldotcom] Encryption/Protection for USB storage media Hello All; Since its so common to loose an external hard drive or usb thumb drive I am looking into a semi-simple solution for my executives that can allow them to encrypt there usb storage media this way its a bit harder for someone once its lost or stolen. I have tried installing truecrypt on there usb device then create the secure volume with the extra space,however since the installation directory and password authentication all occurs on the same usb device is it possible to recover parts or the entire password from the device once its in the attackers hands? What are others using? Thank you, Sent from my Verizon Wireless BlackBerry _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.329 / Virus Database: 270.12.30/2115 - Release Date: 05/15/09 17:55:00 _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
