New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
Switcher Hangout The place for switchers to discuss their new machines, and how to work with OS X. General support can be had here for newbie stuff, like "How do I restart my new iMac?" :)

Security, encryption etc.


Post Reply New Thread Subscribe

 
Thread Tools
Pigstick

 
Pigstick's Avatar
 
Member Since: May 12, 2011
Location: China
Posts: 79
Pigstick is on a distinguished road
Mac Specs: Mac OSX 10.7.3: MBP 15" Early 2011 2.0GHz i7, 8GB, 500GB 5400RPM

Pigstick is offline
Hi,

Couple of months into the MBP and so far so good! I am about to go on holiday and have a few questions about security.

1. Hardware. As I understand it, if nasty person steals my MBP then, ignoring the data, he could simply start the computer with a system disc and reformat the hard drive and have a nice new computer? Apple has an option to install a firmware password which would prevent this but according to their support site this can be disabled by physical access to the inside of the computer, so is it worth the trouble? I am thinking of this as sort of a BIOS type password?

2. I currently use TrueCrypt which has served me well for years, for the relatively small number of files I need to encrypt, but I am conscious of the many posts recommending to use what comes with the machine- great advice so far. So I have read that I could use the disc utility to create a new image which would be encrypted? Is this actually a better way of doing things - TrueCrypt is excellent but can be a bit clunky? With TrueCrypt I can take it anywhere, could I put the disc image onto a thumb drive and open it from other Macs? I realise that I could encrypt the whole drive but this seems a bit over the top and wouldn't allow me to take a small number of encrypted files away... Some files I could simply encrypt using the option on Preview but I cannot find what level of encryption this is?

3. And finally(!) it has now occurred to me that my Time Machine backups are not encrypted. I do not see an option for encryption on the Time Machine preferences, - is there a way to do this without encrypting my MBP hard drive?

(Minor other thing. I was playing with Automator, having read an excellent post by lifeisabeach and have created a service - how do I delete it!!)

Thanks for the help!
QUOTE Thanks
chas_m

 
chas_m's Avatar
 
Member Since: Jan 22, 2010
Location: Victoria, BC
Posts: 17,048
chas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond repute
Mac Specs: 2012 MBP, Black speakers, Black Benq second monitor, black(ish) iPhone 5s, Black 2012 iPad, etc.

chas_m is offline
Quote:
Originally Posted by Pigstick View Post
1. Hardware. As I understand it, if nasty person steals my MBP then, ignoring the data, he could simply start the computer with a system disc and reformat the hard drive and have a nice new computer? Apple has an option to install a firmware password which would prevent this but according to their support site this can be disabled by physical access to the inside of the computer, so is it worth the trouble? I am thinking of this as sort of a BIOS type password?
Not really the same thing as a BIOS password. But the rest of your scenario is true. Disabling the firmware password is a LOT more trouble than just "has physical access to the computer," so yes if you think your laptop is at high risk of being stolen then it's probably worth doing.

Quote:
2. So I have read that I could use the disc utility to create a new image which would be encrypted? Is this actually a better way of doing things - TrueCrypt is excellent but can be a bit clunky? With TrueCrypt I can take it anywhere, could I put the disc image onto a thumb drive and open it from other Macs?
Yes.


Quote:
3. And finally(!) it has now occurred to me that my Time Machine backups are not encrypted. I do not see an option for encryption on the Time Machine preferences, - is there a way to do this without encrypting my MBP hard drive?
Not that I'm aware of, but your TM backup isn't on your MBP hard drive -- or at least it shouldn't be (that would be kind of dumb). I know there are hard drives that employ their own hardware-level encryption, but I've never used one so I have no idea if it would work with TM or not.

Another option is using a clone program to create a clone image of the drive to an encrypted sparse disk image (this would be in place of using TM for backing up). I believe this can be done with SuperDuper or Carbon Copy Cloner though again I've never tried it.
QUOTE Thanks
Pigstick

 
Pigstick's Avatar
 
Member Since: May 12, 2011
Location: China
Posts: 79
Pigstick is on a distinguished road
Mac Specs: Mac OSX 10.7.3: MBP 15" Early 2011 2.0GHz i7, 8GB, 500GB 5400RPM

Pigstick is offline
Thanks for the reply!

I have had a play with the Disc Utility and created a .DMG 'file'(?) which I understand to be a kind of folder. Works great. Small enough to include on Dropbox and a neater interface than TrueCrypt, although I lose the ability to load it across systems.

I am a bit surprised about Time Machine. It is one of my favourite things about the Mac, painless (and just cool to watch). Although I do not need to encrypt my entire hard drive on the computer, I do think that having a back up drive encrypted is sensible at times, especially if you store it off site as I do. If I lose my little hard drive (I'm preparing for a really bad day between my MBP being stolen and losing my back up drive!) I'd like to think it had some protection.
QUOTE Thanks
chas_m

 
chas_m's Avatar
 
Member Since: Jan 22, 2010
Location: Victoria, BC
Posts: 17,048
chas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond repute
Mac Specs: 2012 MBP, Black speakers, Black Benq second monitor, black(ish) iPhone 5s, Black 2012 iPad, etc.

chas_m is offline
A DMG file is short for Disk Image. There are two types: fixed and "sparse." As you may already know, a sparse image grows as you put more stuff into it. Storing a sparse image on Dropbox will work fine as long as you're careful not to exceed the 2GB.

Apple has a system for encrypting the entire User Folder (not the entire HD, since there's no reason for systems or apps to be encrypted) called FileVault. I would **STRONGLY** recommend you AVOID it -- it is very prone to people forgetting the master password or simply becoming corrupt, and if either of those happens your data is simply gone (there's no way to recover it).

Lion (coming next month) will have a new scheme called Filevault 2 -- my advice would be to anyone considering the use of Filevault would be to wait and check out Filevault 2 and see if they've corrected the issues that made the original Filevault a huge disaster for so many people.
QUOTE Thanks
Pigstick

 
Pigstick's Avatar
 
Member Since: May 12, 2011
Location: China
Posts: 79
Pigstick is on a distinguished road
Mac Specs: Mac OSX 10.7.3: MBP 15" Early 2011 2.0GHz i7, 8GB, 500GB 5400RPM

Pigstick is offline
Hi,

Thanks once again for the reply. I did not know about the sparse image so really useful tip - thanks.

I didn't know about the problems with FileVault corrupting. That leads me to wonder about the stability of the .dmg image option I am now using - and like a lot. Does it suffer from the same issue, as I believe it uses the same encryption system, or is it more reliable? I am backing it up, along with Time Machine, so unlikely all would be lost but I'd rather avoid an unreliable method.
QUOTE Thanks
chas_m

 
chas_m's Avatar
 
Member Since: Jan 22, 2010
Location: Victoria, BC
Posts: 17,048
chas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond repute
Mac Specs: 2012 MBP, Black speakers, Black Benq second monitor, black(ish) iPhone 5s, Black 2012 iPad, etc.

chas_m is offline
No, it doesn't suffer from the same issue.
QUOTE Thanks
Slydude

 
Slydude's Avatar
 
Member Since: Nov 15, 2009
Location: North Louisiana, USA
Posts: 6,546
Slydude has a brilliant futureSlydude has a brilliant futureSlydude has a brilliant futureSlydude has a brilliant futureSlydude has a brilliant futureSlydude has a brilliant futureSlydude has a brilliant futureSlydude has a brilliant futureSlydude has a brilliant futureSlydude has a brilliant futureSlydude has a brilliant future
Mac Specs: 2.8 GHz MacBook Pro 10.8,3 8 GB mem, 2.66 GHz Mac Pro - Dead, iPhone 4

Slydude is offline
Most of the time I deactivate services from the Keyboard preference pane and leave them on the system in case I need them later. If you want to delete a service the path is User/Library/Services.

Sylvester Roque Former Contributing Editor About This Particular Macintosh

"Got Time to breathe. You got time for music." Denver Pyle as Briscoe Darling
QUOTE Thanks
Pigstick

 
Pigstick's Avatar
 
Member Since: May 12, 2011
Location: China
Posts: 79
Pigstick is on a distinguished road
Mac Specs: Mac OSX 10.7.3: MBP 15" Early 2011 2.0GHz i7, 8GB, 500GB 5400RPM

Pigstick is offline
Thanks Slydude, problem sorted...
QUOTE Thanks
Slydude

 
Slydude's Avatar
 
Member Since: Nov 15, 2009
Location: North Louisiana, USA
Posts: 6,546
Slydude has a brilliant futureSlydude has a brilliant futureSlydude has a brilliant futureSlydude has a brilliant futureSlydude has a brilliant futureSlydude has a brilliant futureSlydude has a brilliant futureSlydude has a brilliant futureSlydude has a brilliant futureSlydude has a brilliant futureSlydude has a brilliant future
Mac Specs: 2.8 GHz MacBook Pro 10.8,3 8 GB mem, 2.66 GHz Mac Pro - Dead, iPhone 4

Slydude is offline
Glad that helped.

Sylvester Roque Former Contributing Editor About This Particular Macintosh

"Got Time to breathe. You got time for music." Denver Pyle as Briscoe Darling
QUOTE Thanks
EvenStranger

 
EvenStranger's Avatar
 
Member Since: Dec 09, 2010
Location: Virginia
Posts: 845
EvenStranger is just really niceEvenStranger is just really niceEvenStranger is just really niceEvenStranger is just really niceEvenStranger is just really nice
Mac Specs: Currently 13" Late 2010 MBA, 4GB/128GB; Early 2011 13" MBP, dual core i7 2.7ghz, 4gb ram, 500gb hd

EvenStranger is offline
I strongly recommend NOT using encryption UNLESS you have a good backup. Encryption creates a single point of failure for your data. Bits get corrupted, the entire vault is lost. If you're concerned with the security of your backups, I've been using an Apricorn drive - hardware encrypted with AES-256 bit encryption, numeric keypad for access, and bus powered. The retail on the 640GB drive is about $130 now. I've been very impressed with the drive.
QUOTE Thanks
Pigstick

 
Pigstick's Avatar
 
Member Since: May 12, 2011
Location: China
Posts: 79
Pigstick is on a distinguished road
Mac Specs: Mac OSX 10.7.3: MBP 15" Early 2011 2.0GHz i7, 8GB, 500GB 5400RPM

Pigstick is offline
Thanks for that. Had a look at the Apricorn drives and they look a good solution, just got to track down a local supplier. Theoretically I believe that hardware encryption should also be faster.
QUOTE Thanks

Post Reply New Thread Subscribe


« database / sales spreadsheet advice | Outlook 2007 (PC) -> Outlook 2011 (Mac) »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

Similar Threads
Thread
Thread Starter
Forum
Replies
Last Post
Why did my network security encryption change from WPA to WEP? Diva Internet, Networking, and Wireless 2 09-25-2009 06:02 PM
Wireless Networking FAQ cwa107 Internet, Networking, and Wireless 40 04-08-2008 09:25 PM
Windows Tweaks and Security PowerBookG4 Running Windows (or anything else) on your Mac 5 07-07-2006 12:31 AM
VPN Troubles shane440 OS X - Apps and Games 0 10-04-2005 11:08 AM
Severe Flash Security Flaw schweb Apple Rumors and Reports 1 03-04-2003 01:03 PM

All times are GMT -4. The time now is 05:42 PM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?