  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Encrypt Mavericks and Mavericks Server

    Encrypting a volume in OS X Mavericks couldn’t be easier. In this article, we will look at three ways to encrypt OS X Mavericks volumes. The reason there are three ways is that booted volumes and non-booted volumes have different methods for enabling encryption. Encrypting Attached Storage: For non-boot volumes, just control-click or right-click on them and then click on Encrypt “VOLUMENAME” where the name of the volume is in quotes. When prompted, provide an encryption password for the volume, verify that password and if you so choose, provide a hint. Once the encryption process has begun, the entry previously clicked on says Encrypting “VOLUMENAME” where the name of the…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    10 Tips on Policy Enforcement and Tracking for Mac OS X

    Large deployments of Mac OS X based systems are becoming more and more prevalent. In some ways, this is due to one-to-one programs and more frequent enterprise deployments of Mac OS X. As such, people are increasingly looking to manage systems. And any time you have systems being managed, those using managed systems start looking to break the management of the computers. Therefore, a new topic comes up: trying to discern when a system has broken out of the management framework. For example, how do you know when users have broken your firmware password? How do you know when they’ve circumvented your managed preferences framework to…

  • Mac Security,  Network Infrastructure

    Symantec Acquires PGP & GuardianEdge

    Today Symantec announced that it is acquiring PGP. I certainly hope they treat the Mac PGP client better than they’ve treated some of their other Mac clients. This move brings Symantec squarely into the encryption space. They encrypt full disks (including the boot volume of Mac OS X), portables, file servers, jump drives, Blackberry and PDFs. They have a mature centralized key management solution (after all, all encryption seems to be key-based these days) and even recently added application control to their portfolio, to block malware. Perhaps the last is why Symantec went ahead and picked them up. Or perhaps it’s because they just like buying things at Symantec.…

  • Mac OS X Server

    FDE on Mac OS X Server

    I’ve rolled a few Mac OS X Servers into production either sitting on top of PGP or Checkpoint. Other than the obvious issues of killing the ability to remotely reboot the thing, it’s actually going really well so far. If anyone else has any observations or has been doing this as well, let me know, as I’d be interested in comparing performance benchmarks and notes about other potential technical ramifications. So far I’m seeing almost the same performance (about 5% degradation, which is easily made up by running faster drives), there are limited troubleshooting options and the issue with it booting to a password request rather than to the OS…

  • Mac OS X,  Mac Security,  Windows XP

    Lo/Jack

    It’s Friday and I’m feeling fairly non-technical after a call earlier today with actual end users (I’d forgotten we had those).  So I’m going to talk about Lo/Jack.  Tangent time: One of the great parts about being involved with MacWorld is the schwag.  The speaker bags are full of stuff that, to be quite honest, I would almost never think to buy myself.  Not that the vendors who throw crap in there don’t get me hooked on their phonics.  But one of the few things that have caused me to think about security strategies from that bag is LoJack for Laptops.  The thing is, I don’t really need it for…

  • Mac OS X,  Mac Security

    Seagate Momentus FDE and the Mac

    I’ve been asked by a number of people about using the Seagate Momentus FDE.2 or 7200 FDE laptop drives in a Mac to do Full Disk Encryption (FDE) without having to purchase third-party software. Well, I tried it out and regrettably the answer here is that the Momentus drives will not work for much the same reason that ESX can’t work with the Mac: BIOS. The Mac uses EFI, not a BIOS, and therefore a number of applications that bypass various forms of hardware abstraction (and in this case hardware that bypasses it) will not work on a Mac, even if you’re using Boot Camp to run Linux or…

  • Mac OS X,  Mac Security

    Full Disk Encryption and Cost

    If you require Full Disk Encryption for all laptops in your organization, then don’t forget to calculate the costs of doing so. There is the chance that you might not need to, provided you can control what company assets can leave the environment, but the cost of implementing a solution to do so might outweigh the cost of purchasing FDE software for the Mac populace…