Sitewide
RSS Feed:
Secure USB devices under the scope
 |
By: Jon Collins, Managing Director, Freeform Dynamics Published: 9th July 2007 Copyright Freeform Dynamics © 2007 |
 |
Delicious
Digg
reddit
Facebook
StumbleUponSecurity-related USB-based devices seem to be breeding like flies at the moment. I've got a number of the little blighters in the virtual Petri dish, notably:
- an Outbacker MXP from MXI security
- a Pico from Yoggie Security Systems
- an AccessStick from Accario
- a MobiKey from Decisive Solutions
- the obligatory U3 device from what is now SanDisk
All have different, but overlapping functions, but what I'm really interested in checking out is how well their suppliers or partners deal with centralised management and control. So far I have been playing with the Outbacker and U3 devices, and I've got briefings lining up with Decisive and Accario. Watch this space for updates.
Reader Comments
We are no longer accepting comments against this item. We suggest contacting the author directly.
10th July 2007: 'stderr' said:
Throw truecrypt onto the drive and just throw the files into the encrypted virtual partition. Truecrypt runs on both linux and windows, so this makes your thumbdrive actually accessible from anywhere.
10th July 2007: 'Jon Collins' (Author) said:
Nice idea - but remember some of these devices do more than just encryption. To your point however, for the life of me I can't understand why people don't use encryption more for drives of all descriptions; but having said that, the risk/fear is that data may be rendered inaccessible somehow (which would be counterproductive to say the least). Not saying it's a rational fear, but it needs to be taken into account.
10th July 2007: 'stderr' said:
True, and there are several solutions, if encryption is all that you want/need. USB keys have the tendency to go bad anyways, and they should never hold your only copies. I just thought Truecrypt should be mentioned due to the inherent portability. I guess this is what I get for running Linux though. Then again, FUSE has some nice gadgets to play with as well. I'll stick around for updates to this article.
12th July 2007: 'Kelly' said:
Can TrueCrypt be trusted? It is an open source application... Surely a commercial grade application should be sought to protect your data from prying eyes and for that added peace of mind?
12th July 2007: 'Jimbob' said:
This is, of course, the big question. But at the end of the day any security measure is better than none.
12th July 2007: 'stderr' said:
Truecrypt uses data standards, so it's more than likely just as secure, if not more secure than some of the commercial solutions. The only security added by a commercial solution would be security through obscurity, which we all know will eventually fall. Most encryption solutions do not invent their own algorithms, because there are already time tested options available. Once quantum computers get here, yes... scrap all of your Truecrypt partitions.
12th July 2007: 'Jimbob' said:
I heartily agree, I often get people to dual partition their laptops and encrypt the second 'data' partition using TrueCrypt with both password and keyfiles. The keyfiles can be easily kept on a USB key so should the password be discovered, the security remains intact. Paranoid? Yes.
12th July 2007: 'stderr' said:
Alternate Data Streams offer an alternative way to add another a level of security (in this case through obscurity). The casual browser would never notice that your virtual partition is even there.
13th July 2007: 'jimbob' said:
stderr - any apps which make use of this technology?
13th July 2007: 'stderr' said:
Sure, just use Truecrypt to create it. When you create a volume. Select a file that you want to hide the ADS in, for instance, C:text.txt. Once you have the file selected add a colon : and some text. So you have C:text.txt:ads for your Alternate Data Stream. Continue setup of the volume as normal, and when you mount it... just add the :ads to the end of the file. There are tools to detect ADS (stream.exe from Sysinternals is one that comes to mind.) There are probably some ADS tools for creating files and such, but simply using Truecrypt should work fine for this. The attributes of text.txt will stay the same, even though there's an ADS on the file. Google up some tutorials on ADS for more info.
13th July 2007: 'Jon Collins' (Author) said:
Thanks for all the comments guys! All good grist to the mill...
The messages above were all contributed by IT-Director.com readers. Whilst we take care to remove any posts deemed inappropriate, we can take no responsibility for these comments. If you would like a comment removed please contact our editorial team.