Aegis Padlock for business



Similar documents
SecureD Technical Overview

Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

Full Disk Encryption Drives & Management Software. The Ultimate Security Solution For Data At Rest

GoldKey Product Info. Do not leave your Information Assets at risk Read On... Detailed Product Catalogue for GoldKey

Two-factor authentication Free portable encryption for USB drive Hardware disk encryption Face recognition logon

Innovative Secure Boot System (SBS) with a smartcard.

Table of Contents. What is Brute Force Attack? 13 How does the diskashur protect against brute force attack? 13

Firmware security features in HP Compaq business notebooks

Kaspersky Lab s Full Disk Encryption Technology

Recommended Approach to Encrypting GNL Files

ACER ProShield. Table of Contents

Functional diagram: Secure encrypted data. totally encrypted. XOR encryption. RFID token. fingerprint reader. 128 bit AES in ECB mode Security HDD

Digital Signatures on iqmis User Access Request Form

USB Portable Storage Device: Security Problem Definition Summary

Verbatim Secure Data USB Drive. User Guide. User Guide Version 2.0 All rights reserved

Pointsec Enterprise Encryption and Access Control for Laptops and Workstations

Navigating Endpoint Encryption Technologies

The virtual safe: A user-focused approach to data encryption

GoldKey Software. User s Manual. Revision WideBand Corporation Copyright WideBand Corporation. All Rights Reserved.

Security Architecture Whitepaper

Full Drive Encryption Security Problem Definition - Encryption Engine

Enova X-Wall LX Frequently Asked Questions

Using End User Device Encryption to Protect Sensitive Information

FACT SHEET: Ransomware and HIPAA

RSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief

FLASH USB Introduction ENGLISH

USER MANUAL DataLocker Enterprise

Guidelines on use of encryption to protect person identifiable and sensitive information

Smart TPM. User's Manual. Rev MD-STPM-1001R

Table of Contents. TPM Configuration Procedure Configuring the System BIOS... 2

Are your multi-function printers a security risk? Here are five key strategies for safeguarding your data

USB Portable Storage Device: Security Problem Definition Summary

TPM. (Trusted Platform Module) Installation Guide V for Windows Vista

Secure Data Exchange Solution

High Security Online Backup. A Cyphertite White Paper February, Cloud-Based Backup Storage Threat Models

Protecting Your Business from Costly Data Theft: Why Hardware-Based Encryption Is the Answer

CONTENT SECURITY KRAMER S APPROACH TO SECURING DATA WITHIN WIRELESS TRANSMISSION KRAMER WHITE PAPER

Securing Host Operations with a Dedicated Cryptographic IC - CryptoCompanion

10 steps to better secure your Mac laptop from physical data theft

eztechdirect Backup Service Features

Don't Be The Next Data Loss Story

How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization

PENN. Social Sciences Computing a division of SAS Computing. SAS Computing SSC. File Security. John Marcotte Director of SSC.

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

LOK-IT ENCRYPTED USB User Instructions

SAMPLE TEMPLATE. Massachusetts Written Information Security Plan

Adopt and implement privacy procedures, train employees on requirements, and designate a responsible party for adopting and following procedures

IronKey Data Encryption Methods

Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services

CHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device

Research Information Security Guideline

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

BANKING SECURITY and COMPLIANCE

TPM. (Trusted Platform Module) Installation Guide V2.1

Perceptions about Self-Encrypting Drives: A Study of IT Practitioners

etoken Single Sign-On 3.0

Securing Data on Portable Media.

Remote Access Securing Your Employees Out of the Office

2. To encrypt the drive for future use, click Yes (Fig 1, 2). This will start the encryption process.

DRAFT Standard Statement Encryption

Samsung SED Security in Collaboration with Wave Systems

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Sectra Communications ensuring security with flexibility

Healthcare Compliance Solutions

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access

FAQ for USB Flash Drive

A practical guide to IT security

BEST PRACTICES. Encryption.

Securing Data Stored On Tape With Encryption: How To Choose the Right Encryption Key Management Solution

Guide how to protect your private data with Rohos Disk Encryption

HP ProtectTools Embedded Security Guide

Last modified: November 22, 2013 This manual was updated for the TeamDrive Android client version

Encrypting with BitLocker for disk volumes under Windows 7

Chapter 1: Introduction

Flexible Identity. Tokenless authenticators guide. Multi-Factor Authentication. version 1.0

Self-Encrypting Hard Disk Drives in the Data Center

SecureLock Tool Functions:

That Point of Sale is a PoS

Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services

Solid-State Drives with Self-Encryption: Solidly Secure

Ensuring HIPAA Compliance with Computer BYTES Online Backup and Archiving Services

Transcription:

Aegis Padlock for business Problem: Securing private information is critical for individuals and mandatory for business. Mobile users need to protect their personal information from identity theft. Businesses are mandated by federal and state law to secure personal information stored in electronic format. Securing mobile storage devices has become a primary concern for most companies. One such concern involves the implication of losing a portable hard drive containing sensitive or personal customer information. Compliance legislation like Sarbanes-Oxley, HIPAA (Health Insurance Portability and Accountability Act) and other state legislation of personal information mandates the security of mobile devices must be considered when developing compliance strategies. Compliance and portable drives California s SB 1386 mandates the notification of California residents in the event of unauthorized acquisition of their personal information that is stored in an electronic format. Personal information includes the first and last name and either a social security number; drivers license number, account number, credit or debit card number, along with the security codes, passwords or access codes that would allow access to an individual s account. Fortunately, California s SB 1386 has made allowances when this sensitive data has been encrypted; this includes data on mobile devices like the Aegis Padlock. If users are issued an Aegis Padlock for storing sensitive or personal customer data and the drive is lost or stolen, reporting the security breach is not required. Compliance and networks The exposure of personal information is not limited to portable devices. Corporate networks are also at risk of unauthorized access to this information. When a breach of security occurs, consumers will ultimately lose confidence, the company suffering damage to their reputation and financial losses. Enterprises are faced with a multitude of attacks and must make funding decisions on how best to increase their security infrastructure. Therefore, security products like the Aegis Padlock that protect access to and encrypt data on portable drive should be considered when making budget decisions. Kurt Markley, Corporate Sales Manager To request an evaluation unit please call Direct: (858) 513-4440 Email: kmarkley@apricorn.com www.apricorn.com Apricorn, Inc. 12191 Kirkham Road Poway, CA 92064 1-800-458-5448 2010 Apricorn, Inc. All rights reserved. Produced in the United States

Solutions for securing data on portable hard drives Apricorn Aegis Padlock Apricorn s Aegis Padlock is the ultimate portable hard drive and secure storage system. The Aegis Padlock s unique design features include an easy-to-use keypad and software free design that enable access to the drive with a unique personal identification number (PIN, aka password) on virtually any USB equipped system and is compatible with virtually any operating system. Simply plug in the Aegis Padlock into any powered USB port, enter the secret PIN and access the encrypted data. The Aegis Padlock incorporates a National Institute of Standards and Technology (NIST) certified 128- bit or 256-bit AES hardware encryption algorithm. The Aegis Padlock includes a standard SATA 2.5 hard drive and is housed in an enclosure that includes the user interface, encryption circuitry, integrated USB cable and shock mounting for the hard drive. The Aegis Padlock is formatted with a single encrypted partition that provides seamless on-the-fly encryption for keeping data safe and protected even if the hard drive is removed from its enclosure. The Aegis Padlock supports up to ten users and one administrator each with a unique PIN with a minimum of 6 characters and a maximum of 16 (This feature can be customized via firmware that allows for changes on various models). Target customer The Aegis Padlock is designed for corporate, government and personal users whose data should be accessible only by the designated users or system administrator. Business users are mandated by federal and state laws to protect customer s personal information and the penalties can be very costly in actual fines as well as damage to the company s reputation as customers are notified about the breach. No software installation is required for setup or operation, providing for a simplified deployment in corporate environments. The administrator feature allows enrollment of up to ten unique user ID s and one administrator, making it a useful business collaboration tool. Most government agencies require users to store all information on at least AES 128 bit encrypted hard drives for information that is considered secret level. Personal users need a safe harbor for personal data financial records and so forth. All three types of users can now store confidential information in a password protected, hardware encrypted portable storage device with AES 128 bit or 256 bit encryption. Only upon a successful authentication will the information become accessible. Encryption Types of Encryption There are many types of encryption and many good resources with a complete explanation of the history of cryptography. This article examines why one type of encryption may be considerer over another with respect to securing portable hard drives. If the primary objective is to have a solution that is seamless, readily adopted by users and meet the mandated encryption requirements then 128 or 256 Advanced Encryption Standard (AES) is the best choice.

Why choose the security of Aegis Padlock? According to the Committee on National Security Systems (CNSS) Policy Number 15, Fact Sheet Number 1; The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. As well, 128 and 256 AES is sufficient for all of local, national and International mandates for protection of personal information. Aegis Padlock Hardware Encryption The Aegis Padlock offers 128 or 256 bit AES realtime encryption with the Initio 1607 cryptographic engine which is NIST (National Institute of Standards and Technology) and CSE (Communications Security Establishment) hardware AES (Advanced Encryption Standard) certified algorithm, certificate number #1174. It also creates a secure Trusted Path between the Aegis Padlock and host computer that protects all data on the drive. An additional security feature includes the way the Aegis Padlock is recognized by the operating system. Once the USB cable is connected, the operating system sees the Aegis Padlock as a removable device in media not present state, so accessing the drive is not even possible. After PIN login is completed the device is unlocked and the operating system invokes a media inserted event. Complete security is ensured with the data stored in AES encryption; even if the drive is removed the data will be completely inaccessible. Hardware Encryption vs. Software Encryption Software solutions for hard drives have been available for some time now. They have often been criticized for being inconvenient, slow and like any other software, prone to needing updates. In contrast, hardware encryption is very reliable, fast and convenient. Since hardware encrypted drives are not subject to updates, the costs related to traditional software solutions are eliminated. Another great advantage of hardware encrypted drives, they can be easily reset. This reduces the amount of time spent scrubbing the drive or erasing disk data, which in turn stretches the IT department budgets when redeployment of assets is necessary. Why choose the Aegis Padlock? 1) Access to the Aegis Padlock is protected via a secure PIN. The Aegis Padlock drive is only recognized by the host computer once unlocked by the user s unique PIN. Up to ten different PINs can be used, making the Padlock a secure business collaboration tool. 2) The Aegis Padlock s encrypted hard drive seamlessly encrypts data in real-time with 128 or 256 bit AES encryption. The data on the drive remains impenetrable, even if removed from its enclosure, ensuring the utmost in protection for even the most sensitive files. 3) Rugged and Compact. Perfect for taking on the road, the Aegis Padlock s compact design includes an integrated USB cable and shock mounted design

Protecting your data against the threat of attack Protecting Against Common Threats The most common scenario involves an act of opportunity to use or resell the device after finding or stealing the hard drive. In this case the data would be completely protected regardless of the intended use. The Aegis Padlock encryption would sufficiently protect the data stored on the drive from being accessed in the event of a stolen or found drive, even if the hard drive is removed from the enclosure. Without knowledge of the unique PIN, the drive could be redeployed by resetting the drive which erases the encryption key as well as all PINs and renders the data useless and inaccessible. The biggest concern for a user would be a theft targeting the data on the drive. Without knowledge of the PIN the thief may mount a cryptographic attack to unlock and access the data on the Aegis Padlock. One approach may be to attempt to determine the encryption key used to encrypt the data. With the aid of a high speed computer and state of the art decryption tools, the thief might copy all of the raw encrypted data from the drive and attempt to decipher the encryption by trying different encryption keys until the encryption key was discovered. 128 bit AES offers a total of 3.4 x 10^38 individual keys. It is estimated that if a DES key generator were able to discover 1 DES key per second, it would take 149 thousand-billion (149 trillion) years to crack a single 128 bit AES key. The likelihood of a successfully recovering the encryption key within several years is extremely unlikely. Only an extremely motivated thief with abundant resources and time would even consider this approach. Another brute force attack might be to determine the PIN and would require a thief trying possible combination of keys to discover the correct PIN. The number of possible PINs based on a minimum length of 6 characters and a maximum of 16 would range from 6^10 to 16^10 for each PIN. Without knowledge of the PIN length the thief would have to try all possible PIN lengths as well. The Aegis Padlock is designed to allow 6 PIN attempts before blocking additional attempts. Once the Aegis Padlock shuts down the user will need to unplug the drive by removing power, then plug in the drive again to have 6 more attempts. Once the total number of unsuccessful attempts reaches 50 the drive will lock and require a special PIN to allow another 50 attempts. When the total number of unsuccessful attempts reaches 100 the drive will lock and require a complete reset. The reset will also reset the encryption key making any data on the drive un accessible. Given the possible number of PIN combinations and built-in brute force protection a successful brute force attack via any method is extremely unlikely. However, social engineering of the owner of the drive (to get the PIN) would be the easiest way to discover the PIN. This would involve an attacker deceiving the user into revealing the PIN or the attacker finds the PIN written somewhere. Also, an attacker could just observe the user entering the PIN as they access the device. Additionally, common PINs such as phone numbers, address, names, etc. would be considered

by a motivated attacker. Electronic bugging of the target s home and office could also provide the PIN needed to access the device. Depending on the value of the data and motivation of the attacker, they may just choose to bypass the Padlock altogether and introduce malware into the target s PC as a way of acquiring sensitive data. There are many ways a motivated attacker may succeed against a targeted victim and many of them do not require a cryptographic attack. Using Secure Password Policies The device owner is the device administrator. He controls the PIN administration for the device for the administrator PIN as well as other users of the device. In a corporate environment, it is the owner s responsibility to follow company protocols for handling password administration including password length and password storage. However, all of the PINs stored on the device will be completely protected and may only be deleted or replaced with a new PIN if the PIN is lost or forgotten. For personal use it is important to follow some best practices when it comes to passwords. Don t share pass codes Exercise caution when entering the pass code Change the pass code regularly Don t use common pass codes names / birthdates Save the pass code in secure place Key Generation/Management Figure 1 illustrates the block diagram of the construction of the Aegis Padlock. The encryption chip encrypts and decrypts the data based on a 128-bit or 256-bit AES key. This AES key is only accessible by the encryption chip and not accessible by the user. The user would need to login with the correct PIN, using the keypad, before the drive is unlocked and recognized by the host system. At this point the encryption chip begins the encrypting and decrypting operations allowing access to the hard drive. The Apricorn Aegis Padlock handles authentication without sending any data to the computer. Once the correct PIN is entered in the keypad, the microcontroller allows access to the drive. Since the PIN is never sent to the computer, it is not possible for software on the computer to intercept the PIN Summary The Apricorn Aegis Padlock is the ideal solution for corporate, government and personal users whose data should be accessible only by the designated users or system administrator. The Aegis Padlock s low powered design is perfect for taking your data on the road. This ultimate secure hard drive features a compact robust design and a 16-point omni-directional shock mounting system, protecting the drive from drops and knocks. The convenient integrated USB cable eliminates the need to carry around cables and allows connection at the flick of a fingertip. Whether you need to protect highly sensitive corporate documents, personal information, photos, music or video files, the Aegis Padlock is the ideal hard drive to safely transport your data. Figure 1

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information