Data security

Discussion in 'Mac Pro' started by sparkie7, Feb 26, 2012.

  1. sparkie7 macrumors 68000

    sparkie7

    Joined:
    Oct 17, 2008
    #1
    I have been out of the loop on this topic for a while. But since I'm moving some of my equipment into a shared open space studio..

    what is the best method to secure the data on my drives from being copied?

    - there is a password protection feature on mac OS to access the drive. but this can be gotten around by starting up from an external drive then one can clone the internal drives and pick the data out.

    - is there some software i can erase and format the drives with that will be secure and not be bypassed as above?

    - is there a hardware security like a USB dongle/stick disk that can be used as a physical key?

    i'm all ears..
     
  2. 808? macrumors 6502a

    Joined:
    Aug 4, 2011
    Location:
    Hong Kong
    #2
    Don't connect to your local network or internet. :D
     
  3. initialsBB macrumors 6502a

    Joined:
    Oct 18, 2010
    #3
    Apparently FileVault 2 is good, and as it encrypts the data there is almost no chance of anyone being able to crack it. I think it only works on the boot drive though (?) and of course if you lose your master password you're screwed.
     
  4. sparkie7 thread starter macrumors 68000

    sparkie7

    Joined:
    Oct 17, 2008
    #4
    I'm only on OS X 10.6.8, so only have FileVault 1. Do I have to format with any special settings using Disk Utility or can I turn it 'on' and 'off' at will?

    Does it slow the whole system down with its encryption? ie. Hard drive and CPU usage, is it noticeable?

    Would like to hear from users.. Any other options?
     
  5. Sirolway macrumors 6502

    Joined:
    Jun 13, 2009
    Location:
    London
    #5
    Another option would be to use TrueCrypt (free) & create an encrypted vault on the shared drive. That would be pretty secure ...
     
  6. sparkie7 thread starter macrumors 68000

    sparkie7

    Joined:
    Oct 17, 2008
    #6
    just found this:

    http://reviews.cnet.com/8301-13727_7-57369983-263/filevault-2-easily-decrypted-warns-passware/

    "In a statement (PDF) issued this morning, password recovery company Passware has claimed that it can fully decrypt a FileVault-encrypted Mac disk within an hour."

    "Passware has been actively tackling various encryption technologies such as BitLocker, TrueCrypt, and FileVault, and says its latest Passware Kit Forensic 11.3 software can extract encryption keys for all of these technologies. In addition to extracting FileVault keys, Passware can also extract passwords from encrypted keychain files and recover log-in passwords for user accounts."

    Yipes
     
  7. Macman45 macrumors demi-god

    Macman45

    Joined:
    Jul 29, 2011
    Location:
    Somewhere Back In The Long Ago
    #7
    I think this is more about sensible practice rather than fiddling with third party apps. The studios I frequent are places I trust, with people who (I'm pretty sure) would not attempt to steal from me.

    Having said that, I adopt a best practice attitude when there. I don't leave my MBP or MBA unattended, I use password protection on the screen. I have yet to be hacked, stolen from or otherwise suffered theft in any way.

    Common sense is your best friend in situations like this.
     
  8. initialsBB macrumors 6502a

    Joined:
    Oct 18, 2010
    #8
    The article does not mention the essential prerequisites of the hack which are direct access to the machine in an ON state with a $1000 application. It needs access to the keys stored in RAM, and cannot work via network access. No solution is fail safe, but all reports I have seen on FileVault 2 are positive.
     
  9. sparkie7 thread starter macrumors 68000

    sparkie7

    Joined:
    Oct 17, 2008
    #9
    as in logging out your account?
     
  10. Macman45 macrumors demi-god

    Macman45

    Joined:
    Jul 29, 2011
    Location:
    Somewhere Back In The Long Ago
    #10
    Yes, it works for me, just simple sensible things and you should be fine IMO.
     
  11. sparkie7 thread starter macrumors 68000

    sparkie7

    Joined:
    Oct 17, 2008
    #11
    hmm.. yeah.. definitely by-passable

    i'm starting to think an encrypted folder or volume is the way to go. can Truecrypt encrypt an entire partition?
     
  12. nanofrog macrumors G4

    Joined:
    May 6, 2008
    #12
    Even if it can, keep in mind that software implementations cannot secure the MBR, which leaves a potential "hole" that can allow data to be extracted. So it's a bit more secure.

    If you're paranoid, then you'll want to investigate hardware solutions (256bit), as the 40bit variants can be cracked via brute force.

    I'm not sure of your specific situation, so take a look at Wiki's Full Disk Encryption page for further information, and see which method is suitable to your usage.
     
  13. sparkie7 thread starter macrumors 68000

    sparkie7

    Joined:
    Oct 17, 2008
    #13

    mbr?
     
  14. nanofrog macrumors G4

    Joined:
    May 6, 2008
    #14
    Master Boot Record.

    The MBR launches first (where the beginning of the bootloader is located, which points to the GPT). Once in the GPT, the rest of the boot process is completed and OS X is up and running.

    Since you're interested in software encryption tools for OS X, it would be worth checking them out to see if the GPT is actually encrypted/unencrypted, or has holes that can be cracked under certain conditions if it is encrypted.
     
  15. sparkie7 thread starter macrumors 68000

    sparkie7

    Joined:
    Oct 17, 2008
    #15
    thanks. i'm wondering if i should have all my data on a pocket external like my Mini G-Drive. when i'm not in the studio i dismount and take it with me. still need something more portable. maybe a 32GB memory stick?
     
  16. nanofrog macrumors G4

    Joined:
    May 6, 2008
    #16
    There are external HDD's that do this as well if you need more capacity and/or speed than a USB stick can provide (uses a USB stick-type device with the external drive).

    Addonics offers such products (go for 256bit capable if you go this route).
     
  17. sparkie7 thread starter macrumors 68000

    sparkie7

    Joined:
    Oct 17, 2008
    #17
    thanks Nanofrog. i found this:

    http://www.addonics.com/products/cpd256u.php

    pity it's not firewire. but i like the cipher key, like the hardware dongle i mentioned in my earlier post. now imagine if  had these keys for the Mac Pro, iMacs, MBA's and MBP's.. why not? data is the most important thing, and it should be kept secure
     
  18. nanofrog macrumors G4

    Joined:
    May 6, 2008
    #18
    What you want exists. For example, Wiebe Tech offers one with USB, eSATA, and FW800 ($199 for the empty enclosure and your drive of choice).

    For another FW800 alternative, take a look at this.

    Please realize, this is just entry level (single disk). Scalable solutions exist as well, so if you need it, it actually does exist. Imation would be a place to start if you need something like this (scalable example).
     
  19. tomllama macrumors regular

    Joined:
    Jan 7, 2007
    Location:
    CA
    #19
    I use PGP to encrypt and protect a disk that houses my financial data. It's not free and it's not all that simple to get set up, but it ensures encryption of the data on the disk.

    It's not clear if you want every file encrypted so each time you access it you must supply a password (not what PGP does) or simply want the disk encrypted so that you must supply the public portion of the key to mount and decrypt the disk/data (what PGP does).
     
  20. sparkie7 thread starter macrumors 68000

    sparkie7

    Joined:
    Oct 17, 2008
    #20
    thanks again Nano. will look at these

    none out yet with thunderbolt + key?

    ----------


    i need the data to be 110% secure. this includes the system/apps/data - the whole shebang. why isn't there a hardware key that enables/disables an entire mac and its drives+data?

    it would get around having to 'encrypt on the fly' etc where it potentially affects performance.
     
  21. nanofrog macrumors G4

    Joined:
    May 6, 2008
    #21
    Not that I'm aware of (or actually expect as TB is still too new ATM).

    You could look into a biometric device as a means of accessing your computer rather than just password protection, and shift your storage to hardware encrypted enclosures.

    The reason for this, is I'm not aware of any HDD's that include the encryption chip directly onto the HDD's drive controller board (no 3rd party device needed). So the encryption chip is installed on a 3rd party device that connects between the disk and the system (bridge device).

    Now there are such things as HW encryption HDD controller cards (HDD controller + HW encryption chip that connects between the computer and internal HDD's), but I don't know if any support OS X (the encryption HW doesn't need drivers, but the SATA controller does). Another note, is the controllers I can recall are all IDE (example), not SATA. Might be worth searching though.

    Had Apple utilized a TPM slot, you'd have that capability (why TPM was created, as businesses need system level security of this nature), but AFAIK, I don't recall seeing one on any board photos here in MR, nor any mention of one existing. :rolleyes: :(
     
  22. sparkie7 thread starter macrumors 68000

    sparkie7

    Joined:
    Oct 17, 2008
    #22
    Thanks Nanofrog. Never thought of that, are there biometric devices actually available and affordable? If so, know of any/recommendations perhaps. Thank you :)
     
  23. nanofrog macrumors G4

    Joined:
    May 6, 2008
    #23
    Take a look here (should get you started).

    You may need a version with the SDK in order to write your own code though, so this will take some research on your end.

    Good luck. :)
     
  24. DocNYz macrumors 6502a

    DocNYz

    Joined:
    Jun 9, 2008
    Location:
    East Coast, USA
    #24
    Has anyone found a way to make it encrypt more than just the boot drive? Especially since for those of us that have separate boot drives, user accounts, externals, etc, the boot drive has the least amount of important personal files that need encrypting ...
     
  25. codymac macrumors 6502

    Joined:
    Jun 12, 2009
    #25
    Read Passware's documentation. Regarding Truecrypt... unless the Passware user has physical access to the machine with the encrypted volume mounted, the software performs a brute-force attack.

    http://www.lostpassword.com/hdd-decryption.htm

    The best evidence for the security of Truecrypt is Daniel Dantas:

    http://www.theregister.co.uk/2010/06/28/brazil_banker_crypto_lock_out/
     
