How do I Secure My MacBook Pro and Data transferrin to/from "outside" parties?

Discussion in 'MacBook Pro' started by 2000328ci, Jun 12, 2008.

  1. 2000328ci macrumors member

    Joined:
    Jun 12, 2008
    #1
    Basically, I have a program that I use to back up certain files/folders on my computer and, as a result, am scared that the vendor which does so could potentially get their hands on other files. As i work for a government job, I want to make sure that my files are secure and that data transferring from me to a third party (whether email or a chat program) isn't intercepted along the way. How can I check to make sure that me and the other end of the receiving line are the only two seeing the information being sent? As I am not super computer savvy, I apologize if this is a dumb question or one which opens up a can of worms but can someone please let me know what would be best?
     
  2. alphaod macrumors Core

    alphaod

    Joined:
    Feb 9, 2008
    Location:
    NYC
    #2
    Well I use PGP; you generate 2 keys-- a private key and a public key; when someone emails you something, the computer generates a new key, encrypts the file via 1024-4096 bit encryption; then it uses the public key to encrypt the randomly generated key; when you get the encrypted file, you use your private key, enter the passphrase and decrypts the formerly generated random key which will then decrypts the file.

    If you want to send someone else something, they give you their public key. Remember public is used for encrypting; it can be used to encrypt anything; it can't decrypt; the price key is needed to decrypt.

    I think PGP for just emails and stuff is free. If you want to encrypt physical hard drives then you have to pay for a license.

    http://www.pgp.com/products/desktop_email/index.html

    As with chat such as AIM, when both parties have PGP, and a connection is started, a random key is generated and the connection and conversation is encrypted.
     
  3. Uh Clem macrumors newbie

    Joined:
    Jun 9, 2008
    #3
    Does the backup software ask you for an administrator username and password when making a backup? If not, then you could create another account for sensitive information and set permissions on the sensitive files so they can only be accessed by the new account. When you run the backup program logged in under the old account, it won't be able to access the sensitive files.

    If it does ask for an administrator username and password, then it probably becomes "root" so it can backup files it otherwise wouldn't be able to access. In that case, you'll have to trust that the backup program only accesses the files you tell it to.

    Another option would be to keep sensitive files on an external drive and unplug the drive when you run the backup program.

    Unless you encrypt your email as Alphaod suggests, your email could potentially be intercepted by a third party. You can configure Apple Mail to use SSL connections to your Internet provider's mail server (if they support it), but that only protects email as it travels between your computer and your Internet provider's mail server. The connections between email servers on the internet is almost always NOT encrypted.
     
  4. kgeier82 macrumors 65816

    Joined:
    Feb 18, 2008
    #4
    why not just make a password protected .dmg file with disk utility, and send it back and forth?

    I mean, how much space are the files your sending back/forth taking up? I would assume under 10MB, since thats what email limits most the time.


    this avoids the whole PGP mess. And provides a simple level of security.
     
  5. alphaod macrumors Core

    alphaod

    Joined:
    Feb 9, 2008
    Location:
    NYC
    #5
    Simple security is the same as no security if a party wants your data bad enough.
     
  6. Gelfin macrumors 68020

    Gelfin

    Joined:
    Sep 18, 2001
    Location:
    Denver, CO
    #6
    Any security is the same as no security if someone wants your data bad enough.

    OP, your concerns are quite legitimate, but if you work for a government agency, then you should be taking your concerns to your agency's IT management. It is their responsibility to establish security policies and services that allow "not super computer savvy" guys like yourself to more or less just do your job, only securely.

    There are a number of companies that provide enterprise solutions into the government space. If you are concerned about the possibility of immediate losses, the suggestion to use and share an encrypted DMG is sufficient. Use AES-256 and use the longest password it will let you (31 characters, as I recall). If you need to share the password with others, do it in person if possible, and don't write it down anywhere. If you need to work with non-Mac-users, try TrueCrypt instead. This is just a band-aid, though. You need a solution for your organization that accounts for your specific needs, not something you hacked together yourself.
     

Share This Page