Michael Horowitz

Defensive Computing

About the Lenovo ThinkPad USB Secure Hard Drive

If you travel with sensitive files, Lenovo's ThinkPad USB Secure Hard Drive strikes me as an excellent approach to security. There are many secure external hard drives, but I particularly like the approach taken by this one.

For one thing, it uses very secure, hardware-based, full disk encryption. Every byte on the hard drive is encrypted. This protects even against someone cracking open the drive and removing the platters.

I also like that the security exists totally in the device. That is, the security of this external 2.5 inch hard drive does not depend on any software running in any computer.

This makes it less error-prone. Most importantly, it frees the hard drive from any and all operating system dependencies. Windows, Linux and Macs can all work with the drive.* Windows XP users can be limited/restricted; there is no need for administrator-level security. Windows Vista users will never see a UAC prompt for the drive.

To be clear, I have not used the ThinkPad USB Secure Hard Drive, so this is not a review, more a heads-up. H Security, a division of security company Heise, did a good review.

When you connect the drive to a USB port nothing happens, as far as the computer is concerned. But the drive detects the connection and stands ready to accept a password. Passwords can range from six to sixteen digits (OK, it's a pass-number rather than a password).

When a valid password is entered, then the computer has access to all the files on the drive. At this point, there is no more security.

The full disk encryption only protects things until a password is entered. After that, it's clear sailing. You wouldn't want to connect a ThinkPad USB Secure Hard Drive to a computer and walk away for lunch. Re-locking the drive, however, is very simple - just unplug it.

Another benefit of the drive security being totally self-contained is that it does not preclude additional software security. For example, individual files could be password protected using the software that processes the file (think Word or Excel). Or, folders could be encrypted using an operating system feature. TrueCrypt users, such as myself, can continue working with encrypted volumes just like we've always done.

Software running on the computer would not know or care about the full disk encryption and vice versa.

Keeping sensitive files on an external hard disk has other advantages. When traveling, there are places that a relatively small 2.5 inch external hard disk can go that a laptop computer cannot. And, although it is larger than a USB flash drive, an external 2.5 inch hard drive is probably small enough that it never has to leave your side.

The final thing that the ThinkPad USB Secure Hard Drive has going for it is that it looks secure. There is no missing the fact that it has big numbered buttons on the top for entering a password (the review at Trusted Reviews offers a lot of images of the drive).

If you deal with clients, and need to keep their files secure, the drive screams security. It both looks secure and is secure. I hope my accountant uses one.

Afraid of forgetting the password? The drive supports 10 different passwords. For good luck, you might want to make a password consisting of 16 totally random digits and store it in a safe place.
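To make the "16 totally random digits" suggestion concrete, here is an added example (not from the article or from Lenovo) that generates such a pass-number with a cryptographic random source and shows how much entropy a digits-only code of each allowed length carries. The function names and the weak-pattern rule are assumptions chosen for illustration.

```python
import math
import secrets

MIN_LEN, MAX_LEN = 6, 16  # pass-number length range stated in the article


def entropy_bits(length: int) -> float:
    """Entropy, in bits, of a uniformly random decimal code of this length."""
    return length * math.log2(10)


def equivalent_alnum_length(length: int) -> int:
    """Shortest random [a-zA-Z0-9] password with at least the same entropy."""
    return math.ceil(entropy_bits(length) / math.log2(62))


def is_weak(pin: str) -> bool:
    """Flag codes a person would try first: one repeated digit or a straight run.

    This rule is an illustrative assumption, not something the drive enforces.
    """
    if len(set(pin)) == 1:
        return True
    # Difference between neighbouring digits, wrapping 9 -> 0 and 0 -> 9.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps == {1} or steps == {9}


def random_pin(length: int = MAX_LEN) -> str:
    """Return a random pass-number drawn from the OS CSPRNG."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be between {MIN_LEN} and {MAX_LEN}")
    while True:
        pin = "".join(secrets.choice("0123456789") for _ in range(length))
        if not is_weak(pin):
            return pin


if __name__ == "__main__":
    print("digits  bits  same strength as random alphanumeric of length")
    for n in range(MIN_LEN, MAX_LEN + 1):
        print(f"{n:6d}  {entropy_bits(n):4.1f}  {equivalent_alnum_length(n)}")
    print("backup pass-number to store in a safe place:", random_pin())
```
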

The worst thing about this drive seems to be the name. What is "ThinkPad" doing there? It may give people the impression that the drive is only for use with ThinkPad laptop computers, when the reality is exactly the opposite.

The drive comes in 160GB and 320GB capacities and you pay a price premium for the security. As I write this, the 160GB model is selling for between $140 and $180. No doubt, for many it's money well spent.


*When dealing with multiple operating systems, there is the issue of a file system. Using an external hard drive with multiple operating systems means that the file system on the drive needs to be understood by each OS. FAT32 should work with all the major operating systems and many, if not most, Linux distributions can read/write to NTFS formatted drives (not sure about Macs).

What People Are Saying

get a grip, folks! Giveaway

get a grip, folks! Giveaway a day is offering FREE today only:

Safe`n`Sec 2009 Personal provides proactive protection of your PC against known malicious threats and unknown “zero-day” attacks. Prevents confidential data, passwords and credit-card numbers leakage and blocks unauthorized remote control of your PC.

007, take-out devices, disgruntled workers--fuhgeddaboudit; this freebie takes care of everything so you can get some sleep.

Sounds interesting

First, it is not a good idea that they decided to use only digits for a password. I don't need to explain why but it is not a good sign for me. Then there are questions to ask:
- can I format the disk with the file system I want? What do they mean by driverless mode under Windows? Do I have to install a driver for Linux or Mac?
- what are the encryption algorithms, do they and their implementation have a solid reputation? They mention AES but how about the implementation? Any backdoors for law enforcement officials?
- where can I find the detailed specs for this device? Information on the web is pretty scarce.

Those are good criticisms, I

Those are good criticisms, I suppose, but being totally out of it as to computers I don't think I care. If it gets to the point I worry about backdoors for the FBI then I must be doing something illegal and my last name is Madoff.

Hard drive encryption

MAXTOR offers a hard drive that comes with hardware encryption. No password, no data! It doesn't wipe out everyone within a 50' radius but it will deter most people. Since this is a USB portable drive, if you should lose the drive or leave it somewhere, your data is safe from prying eyes.

Then why

do you bother with encryption? Believe me, my friend, I've spent the first half of my life living under an oppressive regime and you know what? It's not that you're doing something illegal; what is important is that they think you're doing something illegal. Let me tell you that what I'm seeing here in North America brings back memories of things I never imagined could happen here in what we all used to call "a free world".
Come to think of it for a second: how many criminals you know have successfully used strong encryption?

I think we're straying from

I think we're straying from the blog but...let me clue you in on my method: it is to use HD A with super duper Xtreme drop dead undecodable encryption and all other top level security barriers, and on another low level secured decoy HD B I store what I want "them" to see. The A HD is set to self-destruct upon improper entry and designed to take out anyone or anything within a 50 yard radius. That's even assuming anyone finds these remote devices.

Again to prove my point

Have you seen one of those movies where Superman or 007 comes, enters the secret code and stops the self-destruct countdown sequence in the last second? Would you endure a police officer smiling at you while doing exactly that?
Encryption is like a lock to your door but you'll need to make sure you have solid walls all around your house with no backdoor.

Point well taken but... the

Point well taken but... the 007 self-destruct or fail-safe mechanism you refer to is part of the device being invaded. Many systems have distinct, separate and unrelated security barriers; unaccounted for searching or intrusions into the HD would set off safety nets external to the HD of an entirely different species. In your sense there can be no absolutely safe HD because the actual evil genius technician who built that very HD could've furtively planted a backdoor code known only to him and that could pass through rigorous inspection only because he knows every detail of the entire manufacturing process and he personally stamped it "A-OK." Nothing except the safeguard described above will prevent or defend against first stage tampering. If the manufacturer states there is no backdoor entry for law enforcement, do you trust that this means no malcontent employee has manipulated the product?