Although convenient for the user, this option is also convenient for less-than-well intentioned people and it pose a serious risk for all our Mac users out there. Just recently we had an episode at one of the Centers were a few computers were stolen including some Macs. If they contained important information, that information could be easily accessed using this simple Reset Password tool.
This is why it is so important to start thinking seriously about encryption. When it comes to encryption there is no shortage of options, both free and paid. Let’s start with the paid ones and move to the free options as we go along the yellow brick road to the land of Encryption.
PGP Whole Disk Encryption for MAC OS X
(http://www.pgp.com/mac/)
PGP is a company that provides paid encryption solution. I’ve never personally tested their products, but as far as commercial encryption goes, PGP is a widely known name and very respected at it too.
PGP or Pretty Good Protection was used originally for email and attachments encryption, but since 2002 they’ve started to provide a wider variety of encryption software. To my best knowledge, they are the only company to offer whole disk encryption for the Mac.
From their own website:
- Full-disk encryption to secure all data, including temp and swap files
- Pre-boot authentication to protect systems if lost or stolen
- Encryption for USB flash drives and external USB and FireWire disk drives
- Compatible with Apple FileVault protection for home directories
- Can be deployed and managed using PGP Universal™ Server, providing consistent enterprise data protection for Apple Mac OS X and Windows systems
- Part of the PGP® Encryption Platform, enabling organizations to secure data across platforms and throughout the enterprise
- Runs on Intel-based Apple Mac OS X 10.4 and 10.5 systems
And the price for a perpetual license is $149.
There are plenty of other paid encryption applications out there as well, but I will focus on free options from now on, starting with Apple’s own FileVault.
FileVault
(http://www.apple.com/macosx/what-is-macosx/security.html)
FileVault comes with all the newest versions of OS X. It was first introduced in Mac OS 10.3 Panther. If all you need is quick and easy encryption, this is the way to go. FileVault will keep your files for a given account safe from unauthorized use and will give you that extra dosage of peace-of-mind. But don’t be fooled by its ease of use. If you ever forget your master password, you will loose access to all your files. And on top of that, there are some serious holes on FileVault’s encryption algorithms, which would make it easier to crack the code and have access to all your information. If you really want to use FileVault’s encryption, you can turn it on for each user by going to your System Preferences and selecting the option Safety. There you will find the tab for FileVault and then you can turn it on for the current user.
TrueCrypt
(http://www.truecrypt.org)
TrueCrypt is by far one of the most reliable free solutions out there, and although they don’t have Whole Disk Encryption on the Mac, they have a slew of other options that more than make up for it. You can create a separate Disk Image that contains all your important data, you can make that a hidden partition and much more. It offer all sorts of encryption algorithms, from AES to Twofish, it is cross-platform and easy to use. I definitely recommend it if you don’t need Whole Disk encryption. What makes it so compelling for our organization is that we are increasingly seeing a need for the use of encryption to protect sensitive information, and TrueCrypt is the version of choice, though features on the Macintosh continue to lag behind features available in Windows.
From their website:
- Creates a virtual encrypted disk within a file and mounts it as a real disk.
- Encrypts an entire partition or storage device such as USB flash drive or hard drive.
- Encrypts a partition or drive where Windows is installed (pre-boot authentication).
- Encryption is automatic, real-time (on-the-fly) and transparent.
- Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
- Provides plausible deniability, in case an adversary forces you to reveal the password: Hidden volume (steganography) and hidden operating system.
- Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.
External Hard Drive Encryption
If you are really serious about protecting your important information, the best approach is to have a separate hard drive where you can store your data, and encrypt that hard drive. If you have a small safe, also use it! There is a reason why we still trust safes and other analog methods of protecting data, and it is because if the data is literally locked, no amount of hacking will suffice to steal your information. Big companies do that, the military does that and if you have information that you are really interested in protecting, you should do this too. My personal scheme for encryption is using a small 2.5’’ hard drive on an usb enclosure that has my TrueCrypt file (using a fake encrypted partition and then my real hidden partition) that I lock away when not in use, and I keep all my financial and personal information. As soon as possible, I will also get an extra drive and make a backup of my encrypted drive and store it on an off-site location. It seems like paranoiac extra work, but this is actually the closest to true protection that one can get, and even so, there are no guarantees.
No comments:
Post a Comment