[X4U] Macintosh security (How to protect files and
Applications for stolen computers)
John Baltutis
baltwo at san.rr.com
Wed Nov 16 11:11:58 PST 2005
On 11/14/05, "John Richardson" <richards at spawar.navy.mil> wrote a lengthy
post asking how to best protect data on a computer that thieves make off
with:
>
> Good news first: this is a preemptive email. The computer is still happy.
> This is not an email on network security.
>
> Host system is an iMac running OSX 10.3.5 with a DVD burner.
>
> Assumptions
> 0) The physical security has been compromised.
> 1) The basic first level strategy is a blanket encryption of the home
> directory using file vault.
Personally, if having your computer stolen is a good possibility, then I'd
install the OS onto the machine, get an external FireWire HD, and move your
Users and Applications folders to it. Then, when you're finished,
disconnect the FWHD, and store it in a security safe (such as described at
<http://www.centurionsafes.com/>) or the kind that abound at SpaWar.
>
> Some questions (answers or links to the FAQ's that answer the question)
Go to <http://search.info.apple.com/> and enter exact phrase "FileVault."
Also, <http://discussions.apple.com/search.jspa?search=Go&q=filevault>
should keep you busy for awhile.
> a) How much time does it take for file vault to encrypt 100GB?
> b) How "reversible" is file vault? How long will it take to decrypt (assume
> same time to encrypt)?
> c) Are there any issues with using file vault on 10.3.5 or above? Tiger?
>
> 2)This seems like overkill, so some apple store employee suggested this.
> a) Take the files you want protected. Create a disk image and encrypt the
> disk image using Apple's disk utilities. [I suppose that you could then use
> file vault to double encrypt the material]
>
> This is the strategy I'll probably use.
>
> General Question: How good is the File Vault and disk utility encryption?
> What are the commercial programs that have better (stronger) encryption.
>
> 3) Applications
> This is probably the most interesting question, providing that 1) and 2)
> above solve the problem of data disclosure in your home directory.
>
> Suppose that you have 20 expensive commercial applications on your machine.
> The thief just acquired lots of tools.
>
> Is there a reasonable method (time/money) to password protect the
> applications? Perhaps a plist? The boot ROM?
See above.
>
> 4) Speaking of ROM, can open firmware protection keep a thief from ever
> using your beloved Apple?
Possibly. See <http://docs.info.apple.com/article.html?artnum=106482>.
>
> 5) Lastly, notice all those locks on the computers in the apple stores.
> These are in place but the apple store only sells locks with 4 feet cables.
> Any commercial systems that people would recommend with longer length
> cables.
Try a bicycle retention cable. Do note, that bolt cutters will sever
anything you have in place.
More information about the X4U
mailing list