IronKey: Simple, safe, and secure surfing over Wi-Fi

The IronKey USB flash drive is a very secure data storage device with virtually fool proof encryption and password protected access. I would like to discuss another equally interesting feature of IronKey that allows simple, safe, and secure web browsing.

Fellow TechRepublic writer Paul Mah has written a great post, "Secure your data on the go", that explains why the IronKey USB flash drive is a very secure data storage device with virtually foolproof encryption and password-protected access. I would like to discuss another equally interesting feature of IronKey that allows simple, safe, and secure Web browsing.

"Simple, yet secure"

For a very long time I have been trying to find a "simple yet secure" way for road warriors to browse the Web while on the road. As I see it, there are two key requirements to achieving a "simple yet secure" answer. First, the setup process required by the road warrior wanting to browse the Web must be simple or the road warrior will not use it. Second, the underlying network technology has to be secure or the IT department will not allow it to be used.

Simple yes, secure no

The ultimate in "simple" would be to allow the road warrior to just plug into an open Ethernet port or associate with an open Wi-Fi network at the hotel or hotspot. That's all there is to it, with the road warrior happily surfing away. So what's wrong with this picture? We all know that an unencrypted data stream is what's wrong. There's a multitude of ways to capture network traffic, allowing most anyone the ability to reconstruct the data stream, or even worse, learn username/password combinations used by the road warrior.

Secure yes, simple no

Most would agree that the ultimate in "secure" is having the road warrior use a VPN application after plugging into an open Ethernet port or associating with an open Wi-Fi connection. The encrypted data stream will appear as gibberish to anyone capturing the network traffic. Well, this sounds great --why not just use a VPN all of the time? If it were only that easy. VPN applications have additional requirements that may not be enabled on the network being used by the road warrior. For example, certain additional ports may have to be opened and the network needs to be able to handle added management overhead created by the VPN.

What if?

So VPN technology is secure, allowing the road warrior access to the company network as well as the Internet through the company firewall. What if the VPN will not set up or authenticate correctly using a certain hotspot? Or what about the road warriors that are not part of a business entity that has VPN service? Is it OK to just plug in and open the Web browser? As we know -- it is not, but that is exactly what happens. There is just no way around it. Or is there?

Actually there are several methods to secure Web browsing when you are using open wired or Wi-Fi networks. The problem is that they usually require adding client software, and require payment to the party supplying the secure service. Examples of this would be Anonymizer and Megaproxy. Both products are secure, but not simple enough for the road warrior to automatically use them.

IronKey comes close

The closest approximation of "simple yet secure" that I have found is the IronKey. Besides creating a secure storage device with bullet-proof access protection, the development team at IronKey has added what they call "Secure Sessions Service" -- described by Dave Jevans CEO of IronKey:

"If you want to surf the Web safely and privately, use your IronKey. With just a click of a button, the onboard Firefox browser enables IronKey's Secure Sessions Service for high-speed, encrypted Internet communications. You can safely tunnel through insecure wireless networks, public Wi-Fi hotspots, and prying ISPs without worry because your traffic will be encrypted and directed through a secure IronKey server. Also, your IP address, geographic location, and other personally identifiable information will be protected as you pass through the Tor network, which IronKey has extended and optimized for speed and security.

If you ran a Web browser from a regular flash drive, you may end up burning out the memory chips. This is because most flash drives use inexpensive flash memory. But the IronKey uses super high-quality SLC NAND flash memory for extended data longevity. These chips have been optimized for speed, giving you a smooth Web experience."

The secret to the success of this approach is that IronKey uses TOR technology but not the TOR Project relay servers. That means the exit point to the Internet is an IronKey server/firewall that is maintained to provide user anonymity and protection from Internet threats.

One of the interesting features of using TOR network technology is the ability to surf without revealing your public IP address. The idea is to bounce the data stream between several IronKey TOR servers and finally exit from the IronKey network. The only visible public IP address is that of the final TOR server. IronKey allows you to decide what servers you would like to use, and you can see the path of the data stream as seen in the example below. If you want to change a leg of the circuit, you just right-click on the line representing it and close it.


One unique feature that adds yet another layer of security is the ability to change the visible public IP address at any time during the browser session. You select this feature from the control panel and the IP address is changed as shown in the window below.


One negative attributed to networking security applications, is that they increase network management overhead. Developers try to keep this additional traffic to a minimum as it slows data throughput. If data throughput appears to be a problem, you can see the current send and receive rates on an included bandwidth meter. For example, there maybe a slow leg on the circuit and by choosing a different leg, the rates will improve as shown by the bandwidth meter.


Final thoughts

There are many solutions that achieve an acceptable level of access security for the remote user, but most require a dedicated computer or equipment that the mobile computer connects to. I try hard to remember the mantra of "simple, yet secure" and using IronKey's "Secure Sessions Service" on any available computer seems to come pretty darn close.