Product Reviews

The minuscule iButton from Dallas Semiconductor is an innovative security device that we first saw in action in Chirson's PC Immobiliser. Chirson's Lock-out 2000 (LO2K) takes this concept a stage further, as it's designed to authenticate users logging into Windows NT, 2000 or XP systems and to lock the system when unattended.

LO2K uses the new Java-powered iButton, which stores the Windows username, password and domain. It also functions as a 106Kb removable drive, accessible either from the supplied FTP client or Windows Explorer, allowing you to store small files and security information such as PGP keys. If you lose the key, don't worry, as all stored information is encrypted and the iButton will erase its contents if physically tampered with.

The standard iButton holder is used with the Blue Dot receptor, but a new version can also be plugged directly into a USB port. Installation is simple and there are two methods of registration - a remote Internet mode that's tied to the MAC address of the system's network card, or Chirson can supply a master iButton with a single registration code for multiple systems.

LO2K polls the selected ports, checking for iButton insertion and removal. It replaces the Windows login prompt

ADVERTISEMENT

with its own message and, when it senses an iButton insertion, it downloads the user information and requests a PIN, also stored internally. The PIN value is entered along with the username and password when the iButton is first initialised. You can set a PIN length of four to eight characters, request only secure PINs comprising upper and lower case letters and numbers, and even use a screen keyboard to circumvent key-press sensing tools.

Intruders with a stolen iButton attempting to guess the PIN could be in for a long wait, as the iButton's internal circuit locks up for anything from 30 minutes to 24 hours after three failed attempts. Modification to an iButton also requires a separate administration PIN.

One issue with PC Immobiliser was that Lock-Out didn't run if an NT, 2000 or XP system was booted into Safe mode, but with LO2K you can now disable this. Be prepared for a fright though - you can still select this from the Advanced Options menu, but LO2K will force the system to hang with a blue screen and an 'inaccessible boot device' error.

Two actions are available on iButton removal - the user can be logged off or the system can be locked. Both methods worked fine during testing, and the former allowed us to swap easily from one user to another using different iButton tokens - an ideal solution for hot-desking. You can decide whether to allow both LO2K and Windows login access or restrict it to iButton holders only, and access permissions can be applied to any stored data. LO2K settings and options are also restricted to administrators only.

LO2K looks ideal for single users and large businesses alike. It provides a smart two-fold security system that requires the user's physical presence as well as a PIN and, as users don't need to know their Windows passwords, it simplifies administration.