Securing Data on OSX

Joined
Mar 28, 2016
Messages
44
Reaction score
1
Points
8
Your Mac's Specs
2018 mac mini, mojave, 8GB RAM, 512 GB SSD
Hi everyone

just a general question re OSX personal data security. I have 2 main folders where our data is stored - a 'Data' folder at the top level of my Mac and the standard 'Users' folder. I do not want to use FileVault as not everything needs to be encrypted but would like to protect these 2 folders.

I have set up an encrypted disk image for the 'Data' folder - this is working fine.

I am now looking for advice re how to manage the 'Users' home folder. If I set up a disk image for this, the 'expanded' file path will be different to the default path ie - the current file path is 'iMac\Macintosh HD\Users' but the opened disk image path will be 'iMac\Users' as it creates a new volume. I am worried this will create a problem if there are background processes expecting the folders/sub-folders etc to be in a certain location (also not sure if there are other implications).

Not sure what to do so any advice appreciated!
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
I can't answer whether the encrypted volume will create problems for background processes. You'll just have to try it and see. However, using FileVault to encrypt your entire drive would be faster and a lot less complex than trying to set things up the way you have them now. Of course the hazard of using FileVault like any other encryption scheme is that you must not lose your password.
 
OP
J
Joined
Mar 28, 2016
Messages
44
Reaction score
1
Points
8
Your Mac's Specs
2018 mac mini, mojave, 8GB RAM, 512 GB SSD
Thanks for the reply. The reason I was choosing to only encrypt some information was for efficiency. I have read that encryption can slow your Mac if it's older and I only need to protect ~ 50GB of data (not the whole 300GB currently on the Mac). It would be great if FileVault worked like Time Machine ie - have the ability to include/exclude folders/files as required. I will search for other potential solutions.
 
Joined
Apr 16, 2016
Messages
1,096
Reaction score
51
Points
48
Location
CT
Your Mac's Specs
MacBook Air Mid-2012 / iMac Retina 5K Late-2014
Thanks for the reply. The reason I was choosing to only encrypt some information was for efficiency. I have read that encryption can slow your Mac if it's older and I only need to protect ~ 50GB of data (not the whole 300GB currently on the Mac). It would be great if FileVault worked like Time Machine ie - have the ability to include/exclude folders/files as required. I will search for other potential solutions.

Why are you encrypting them at all? I often find folks believing that encrypting data provides protections that it does not. Encryption is for Data at Rest protection, and is only useful when the Mac is OFF. Once it's powered up, that encryption needs to be unlocked so that users and processes can access it when necessary.

If you provide details about what you're trying to protect, from whom, and when, we could give you better guidance on what some options might be.
 
OP
J
Joined
Mar 28, 2016
Messages
44
Reaction score
1
Points
8
Your Mac's Specs
2018 mac mini, mojave, 8GB RAM, 512 GB SSD
Hello Ember1205

I am encrypting to protect the data for Data at Rest protection. I also get the added bonus of protection while I'm using the iMac if the disk image is 'locked'. I understand that there is no protection if I have 'unlocked' it and am accessing the files.

I want to secure my digital presence and have started with personal files in the iMac. The firewall is activated and antivirus software in use. The specific individual user accounts on the iMac are to have full access to the data; no other users should have any access.

I don't know the best way to protect the information (maybe everything should be on a separate HDD only?) I have done some research and encrypting was the main suggestion if I continue to use the iMac as storage though no advice regarding securing the Users folder (see post #1) unless I use File Vault. And I am particularly concerned how much information is stored in Users (only the other day I discovered that every time I open an email attachment another copy is created under my name Account in Users).

I am willing to consider other options. Looking forward to all advice ..
 
Joined
Nov 19, 2006
Messages
1,774
Reaction score
81
Points
48
Location
York, UK
Your Mac's Specs
iMac: 5K 27” (2020), 3.3 GHz, 32Gb RAM. iPad2, iPad mini4, iPhone 13 Mini, Apple Watch SE
Here's the first piece of advice - get rid of the antivirus software. It's not doing anything other than slowing your system as there are no OSX viruses.
 

IWT


Joined
Jan 23, 2009
Messages
10,210
Reaction score
2,168
Points
113
Location
Born Scotland. Worked all over UK. Live in Wales
Your Mac's Specs
M2 Max Studio Extra, 32GB memory, 4TB, Sonoma 14.4 Apple 5K Retina Studio Monitor
Here's the first piece of advice - get rid of the antivirus software. It's not doing anything other than slowing your system as there are no OSX viruses.

Hear hear. Get rid of AV software. The problems are many, the benefits zero.

Now Malware. That's quite different. Adblock plus blocks ads ( of course!). Ghostery stops sites from tracking you and Malwarebytes anti malware app removes any malware already on your Mac.

As regards other security options: if you were to consider using an EHD to store your precious data, then you can set up encryption of that EHD. Although I have no personal experience of it "Knox" is a pay for app that robustly encrypts an EHD. You have to run the app prior to using the EHD.

Ian
 
Joined
Apr 16, 2016
Messages
1,096
Reaction score
51
Points
48
Location
CT
Your Mac's Specs
MacBook Air Mid-2012 / iMac Retina 5K Late-2014
Hello Ember1205

I am encrypting to protect the data for Data at Rest protection. I also get the added bonus of protection while I'm using the iMac if the disk image is 'locked'. I understand that there is no protection if I have 'unlocked' it and am accessing the files.

I want to secure my digital presence and have started with personal files in the iMac. The firewall is activated and antivirus software in use. The specific individual user accounts on the iMac are to have full access to the data; no other users should have any access.

I don't know the best way to protect the information (maybe everything should be on a separate HDD only?) I have done some research and encrypting was the main suggestion if I continue to use the iMac as storage though no advice regarding securing the Users folder (see post #1) unless I use File Vault. And I am particularly concerned how much information is stored in Users (only the other day I discovered that every time I open an email attachment another copy is created under my name Account in Users).

I am willing to consider other options. Looking forward to all advice ..

Data at rest only works when powered down. Once the system is powered, even if it's left in sleep mode, the Data at Rest component is "off". There is a GIANT misconception about disk encryption (or file/folder encryption) that it protects you in many scenarios that it actually does not. The ONLY thing that disk encryption is intended to protect against is someone taking your drive, plugging it in to a different system, and attempting to access the data. Without the keys/passwords/whatever, you are blocked. Once the key is provided, however, that data is 100% available to be accessed (with the right credentials) by any means until the system is shut down again.
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top