Tips on Securing my New cMBP?

Discussion in 'Mac Basics and Help' started by doubledee, May 30, 2013.

  1. doubledee macrumors 6502

    Joined:
    May 14, 2012
    Location:
    Arizona
    #1
    I am planning on getting a new conventional MacBook Pro, and would appreciate any and all tips on how to SECURE IT!!!

    Over the last several months, I have been trying to learn all I can about security, but obviously it is a large topic!

    Since I am spending all of this $$$ on a new laptop, now seems like a great time to "super-size" my computer habits to make things more secure and get off to a good start!!

    I am also concerned, because I will be transferring over maybe 350GB of existing data from my current MacBook!!

    In reality, I guess I don't have any really serious strategies in place, other than these...

    - I don't surf to or download Music, Movies, Games, or Porn

    - I don't do Social Media (Barf!!!!)

    - Most of my Internet usage is News, User Groups, Online Radio Stations, and Researching IT/Business things

    - I recently got an AT&T Data Plan, so I no longer rely on Free Wi-Fi. (+1)

    - I also got WiTopia, so now I always surf via an "Encrypted Tunnel" between "The 1st Hop" and WiTopia.

    - I have all of the basic things in System Preferences set as you'd expect (e.g. Firewall Enabled, Secure Memory, Password-Protected Screensaver, No File Sharing, etc.)


    (NOTE: It is important to understand that I am away from home and living on the road. My life is on my laptop, and since it has a lot of business things on it and personal information, it is much more than most people's Macs have on them!!)


    Things I want to start using:
    - Full Disk Encryption
    - RAM Pin
    - Pass-Phrases


    Things I am curious about:
    - Anti-Virus Software
    - Encrypted Files & Directories (On top of FDE)


    Things I am worried about:
    - Existing Files on my current MacBook
    - Root Kits
    - Things that I don't know I should be worried about!!!


    Here is hoping that I can come up with a solid strategy which is cost-effective and easy enough to implement from the start... Because I should be getting my new cMBP in the next week, and I want it to be secure from Day 1 and moving forward!!

    Calling all Security Gurus!!!

    So what do you guys recommend to make me and my new MBP more secure??

    Sincerely,


    Debbie
     
  2. Bear macrumors G3

    Joined:
    Jul 23, 2002
    Location:
    Sol III - Terra
    #2
    To answer bits and pieces:

    You don't need an antivirus program for OS X.

    As for FileVault full disk encryption, a very good idea. It will take a while to encrypt the whole disk. You can sleep and shut down the system during the process; when you restart the system, the encryption process picks up where you left off.

    To go with that, you should encrypt your Time Machine drive(s) as well.

    Doing separate encryption on files on top of FileVault will not really gain you extra security. But if you decide to do that anyway, use encrypted disk images.
     
  3. Eric Lee macrumors newbie

    Joined:
    May 24, 2013
    #3
    Hi,

    You don't need one, you wouldn't even necessarily need one running windows, however, there's no harm in having one. It is especially reasonable if you're sharing files with friends or colleagues at work, because even if the antivirus probably won't filter out any OSX malware there is a good chance it will catch windows malware, from e.g. mail attachments, you'd otherwise pass on to other people.

    Actually it does bigtime (if you aren't using the same passphrase ;)), but one should really think about needing something like this. If you are not exposed it probably won't make any sense. If you are carrying important data it can make very much sense. I am using FileVault2 for FDE in combination with TrueCrypt for encryption of external devices and encryption of storage containers. This way you have many options e.g. when it comes to sharing files inside a company and you have to lend your USB drives to others or if you want to upload files to a cloud service I strongly recommend using encrypted containers, because most cloud services aren't as secure as they want you to believe.

    I don't know how important your data is in terms of motivating people to steal it. If you think it might be highly motivating and since we're discussing laptop security I highly recommend doing the container encryption on top of FileVault2 FDE. The reason is pretty simple, when your MBP gets stolen while turned on or sleeping a sophisticated attacker can easily extract the FDE encryption key from RAM (if you're interested in this google: extracting disk encryption keys from volatile memory filevault). For this reason you should also remember to unmount any mounted cryptocontainers or encrypted volumes before sending your MBP to sleep or leaving it unattended. Depending on the encryption software you use it can be necessary to wipe the RAM after you unmount a container/volume. (If you are planning on leaving it unattended I recommend getting a Kensington lock).

    There is probably no need to be worried about OSX rootkits in the near future. OSX is using multiple security layers one of them being binary protection, so windows-inspired userland-rootkits will have a very hard time. Of course there are other types of rootkits but for OSX you won't encounter those "in the wilds".

    Have you thought about things like security/privacy enhancing browser addons (like ABP, NoScript, DNTM, SSL redirect, cookiemanager) and using a secure DNS like Norton Secure DNS?

    Bye :)
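
    As an added example (not part of any post in this thread): a shell check for the sleep-time key exposure discussed in post #3. It reads the text printed by `pmset -g` and flags settings that leave RAM powered or retain the FileVault key in standby. The function names and the sample inputs are constructed for illustration; `hibernatemode` and `destroyfvkeyonstandby` are documented `pmset` settings.

```shell
#!/bin/sh
# Added example: flag power settings that keep the FileVault key in RAM
# while the Mac sleeps. Input is the text printed by `pmset -g`.

# Print one finding per line; print "OK" if nothing is flagged.
audit_sleep_settings() {
    awk '
        function get(k) { return (k in val) ? val[k] : "unset" }
        NF >= 2 { val[tolower($1)] = $2 }   # match setting names case-insensitively
        END {
            n = 0
            if (get("hibernatemode") != "25") {
                print "hibernatemode=" get("hibernatemode") ": RAM stays powered during sleep (25 writes RAM to disk and powers it off)"
                n++
            }
            if (get("destroyfvkeyonstandby") != "1") {
                print "destroyfvkeyonstandby=" get("destroyfvkeyonstandby") ": FileVault key is retained in standby (1 destroys it)"
                n++
            }
            if (n == 0) print "OK"
        }'
}

# Number of findings for a block of settings text passed as $1.
count_findings() {
    printf '%s\n' "$1" | audit_sleep_settings |
        awk '$0 != "OK" { n++ } END { print n + 0 }'
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_DEFAULT='Currently in use:
 standby              1
 hibernatemode        3
 disksleep            10'

SAMPLE_HARDENED='Currently in use:
 standby              1
 hibernatemode        25
 DestroyFVKeyOnStandby		1'

# On a Mac, audit the live settings; elsewhere, audit the constructed sample.
if command -v pmset >/dev/null 2>&1; then
    pmset -g | audit_sleep_settings
else
    printf '%s\n' "$SAMPLE_DEFAULT" | audit_sleep_settings
fi
# To apply both settings: sudo pmset -a hibernatemode 25 destroyfvkeyonstandby 1
```

    With both settings applied, waking from standby requires the FileVault password again, and sleep and wake take longer because memory is written to and read back from disk.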
     
  4. Weaselboy Moderator

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #4
    That is outdated info. The utilities mentioned in the articles are using direct memory access (DMA) to grab the password from memory. DMA access in OS X was blocked starting with Lion 10.7.2 so this is a non-issue.
     
  5. satcomer macrumors 603

    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #5
    I feel FileVault would slow down your Mac. I would suggest something like Espionage to secure certain folders. For antivirus (there are no viruses for OS X, just some Trojans) use the free Clamav.

    Lastly there are the Apple XProtect updates for known Mac Trojans once one is detected. Also I strongly suggest using something like OpenDNS (they have a basic video to show you how it works to block known Trojan hosting web sites, etc.).
     
  6. doubledee thread starter macrumors 6502

    Joined:
    May 14, 2012
    Location:
    Arizona
    #6
    Pretty bold statement about NOT needing Anti-Virus Software...


    Why not encrypt External Drives with FileVault2?

    Why those versus encrypted files?


    There is a way to add an EFI password which should take care of that threat.


    Anyone else care to comment on this??


    No, I'm not familiar with any of those... :confused:

    Sincerely,


    Debbie
     
  7. saberahul macrumors 68040

    Joined:
    Nov 6, 2008
    Location:
    USA
    #7
    I've had hardly any performance changes after turning on FileVault2 on my Mac last year.
     
  8. Weaselboy Moderator

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #8
    Here is a before and after test with Filevault. It has very little impact on speed.
     
