Mac Security?

zdlyons · Jan 25, 2011

I was on apple's website browsing around, and it occurred to me: How can all my information on my MBP be secure, if anyone who knows how to use a mac can just start it up as a hard drive (holding "T" upon startup), hook up to it with a firewire cable, and drag whatever they want off of it? Is there a way to secure it?

Just some food for thought.
Thanks

kainjow · Jan 25, 2011

You'd want to encrypt your data. File Vault does that automatically (your entire home folder), or you can set up custom encrypted disk images for select files. Disk Utility can do this, and there are some apps that manage this for you (Knox for example).

zdlyons · Jan 25, 2011

kainjow said:
You'd want to encrypt your data. File Vault does that automatically (your entire home folder), or you can set up custom encrypted disk images for select files. Disk Utility can do this, and there are some apps that manage this for you (Knox for example).

thanks for clearing that up!
Edit:
How do i do this with disk utility?

munkery · Jan 25, 2011

You can prevent that by setting up firmware password protection if you find FileVault too intrusive (for example, have to log out for Time Machine to do backups). Password protected disk images to store sensitive files should not hinder Time Machine.

kainjow · Jan 25, 2011

New Image from the toolbar. In the Encryption popup select one of the options.

Essentially you'll have a virtual disk where you can store files. All data stored on that virtual disk will be encrypted.

However, if you lose your password or that file gets corrupted without a working backup, it's pretty much gone forever, so be careful.

munkery · Jan 28, 2011

The shown settings work well for password protected encrypted disk images to store files.

Either encryption (128 bit or 256 bit) is cryptographically secure at this point in time. Sparse bundle disk images dynamically expand and are designed to work efficiently with Time Machine. It is ok if label given in "Save As" is the same as "Name."

I like to make aliases to some of the folders within the disk image to put in my "Documents" folder for faster access.

Make sure to move the keychain entry from the login keychain to a separate keychain that does not remained unlocked if you save the disk image password in Keychain; otherwise, the security benefits are lessened because the disk image remains unlocked while you are logged in.

zdlyons · Jan 28, 2011

munkery said:
The shown settings work well for password protected encrypted disk images to store files.

Either encryption (128 bit or 256 bit) is cryptographically secure at this point in time. Sparse bundle disk images dynamically expand and are designed to work efficiently with Time Machine. It is ok if label given in "Save As" is the same as "Name."

I like to make aliases to some of the folders within the disk image to put in my "Documents" folder for faster access.

Make sure to move the keychain entry from the login keychain to a separate keychain that does not remained unlocked if you save the disk image password in Keychain; otherwise, the security benefits are lessened because the disk image remains unlocked while you are logged in.

Thank you for explaining this! I think the reason i couldn't get it to work before was the login keychain thing. Works great now!

LPZ · Jan 28, 2011

http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml

http://images.apple.com/support/security/guides/docs/SnowLeopard_Security_Config_v10.6.pdf

munkery · Jan 29, 2011

munkery said:
The shown settings work well for password protected encrypted disk images to store files.

Either encryption (128 bit or 256 bit) is cryptographically secure at this point in time. Sparse bundle disk images dynamically expand and are designed to work efficiently with Time Machine. It is ok if label given in "Save As" is the same as "Name."

I like to make aliases to some of the folders within the disk image to put in my "Documents" folder for faster access.

Make sure to move the keychain entry from the login keychain to a separate keychain that does not remained unlocked if you save the disk image password in Keychain; otherwise, the security benefits are lessened because the disk image remains unlocked while you are logged in.

This also works for some software that stores files in an insecure manner. Locate the folder used by the program, make an alias of the folder, and move the original folder into a password protected encrypted disk image. Store the keychain entry for that folder in a keychain other than login; preferably, a keychain that you manually open and close. Then, when you launch the app, it will ask for your keychain password to access the folder. This does not work for all folders associated with some apps.

Make sure to close the keychain when finished using the app. If you do not use keychain, it will ask for the password set to the disk image. Using keychain is efficient if you have many apps set up in this manner. It also safely makes a backup of the disk images password that may be more difficult to remember than the keychain password.

munkery · Feb 2, 2011

Here are more suggestions -> https://forums.macrumors.com/posts/11835313/

Search

Search

Mac Security?

zdlyons

macrumors member

kainjow

Moderator emeritus

zdlyons

macrumors member

munkery

macrumors 68020

kainjow

Moderator emeritus

munkery

macrumors 68020

Attachments

zdlyons

macrumors member

LPZ

macrumors 65816

munkery

macrumors 68020

munkery

macrumors 68020

Our Staff