I, Blog

December 1, 2007

Easy OS X Encryption

Filed under: security, tips — Scott @ 9:14 am

Ok, this is a really basic tip, but, as a switcher in the past couple years, there’s still a lot I haven’t learned, especially things that don’t fall in my personal “need” realm. When my dad asked me about encrypting stuff on his new Macbook Pro, I wasn’t sure how to natively do it in OS X. Well, now I know.

1. Open Disk Utility. Here I’m launching it with Leopard’s hugely improved Spotlight.

spotlight_du.jpg

2. While in Disk Utility, go to File -> New - > Blank Disk Image to create a dmg.

new_blank_image.jpg

3. In “Save As”, put the name you want the dmg filename to be. For Example, in this case the filename would be Personal Secrets.dmg.

4. For Volume Name, put what you want the dmg to show when it’s mounted.

5. For encryption, choose 128-bit AES.

6. Leave Volume Format, Partitions, and Image Format at the defaults. Volume Size set according to needs.

128bit_encryption.jpg

Click “Create”.

create_blank_image.jpg

Enter a password for the dmg file, and do NOT have “remember password in my keychain” enabled. Remember, you are trying to keep people out.

new_dmg_password.jpg

The new dmg file will be mounted. Also it will be wherever you told it to be created.

dmg_in_documents.jpg

After the first time, you’ll be prompted for your password to open the dmg. Then just move files in as you want. Since it’s a disk image, your files will be copied in unless you hold the command key while you drag them in. You don’t want to leave originals unencrypted on the hard drive elsewhere - presumably you are encrypting them for a reason. Again, don’t check any boxes that let you save the password into your keychain.

password_req_dmg.jpg

moving_file_into_enc_dmg.jpg

And that’s it - a very basic function but one that I wasn’t aware of how worked the first time my dad asked me to help him figure out how to encrypt some business files. Have fun!

Technorati Tags:
, , ,

November 24, 2007

Let me, or Don’t

Filed under: apple, leopard, security — Scott @ 4:56 pm

A lot has been written and spoken about the Leopard Firewall and the differences between it and the Tiger Firewall. For one thing, the new firewall appears to ignore the long used freebsd based ipfw firewall and instead someone at apple decided they should roll their own. Please note that ipfw is still included in Leopard, it just isn’t used by default, and the system preference panes relating to the firewall are for the new one, not ipfw.

The main differences the computer user will notice are that the firewall’s been moved from the sharing preference pane as it is in Tiger, to the security preference pane in Leopard, and that the firewall uses a different model for configuring what gets through and what doesn’t. This is all dandy, and you may wonder why I’m bringing it up now. Well, it’s because the 10.5.1 update patch slightly changed the verbiage in the firewall preference pane, which I thought I’d point out.

Also be aware that when upgrading from Tiger to Leopard, regardless of what firewall settings you had by default, the firewall appears to be disabled in Leopard by default.

In Tiger, the Firewall was located in the sharing preference pane, and worked by allowing you to select services or ports to open or close, based on the services you wanted to run on your mac.

TigerFW.jpg

In addition, the services section of the sharing preference pane would also have an effect on the firewall, such as when enabling remote desktop, which would also then enable this service for the firewall.

TigerServices.jpg

In Leopard, click on the security preference pane instead of the sharing pane to get to the firewall.

LeopardSP.jpg

Clicking on the firewall section of the security pref pane shows that the new firewall is configured differently: Allow all incoming connections, Allow only essential services (in 10.5.0, this was “Block all incoming connections,” which was misleading), and Set access for specific services and applications.

leopard_security1.jpg

Choosing the last option means that you’ll set, app by app, allow or block status for things you specifically want to let through or to block.

FWspecificApps.jpg

Finally, the firewall also allows logging and stealth mode (where the firewall won’t let the mac respond to pings, etc).

LeopardFWAdvanced.jpg

The main problems with the new Leopard firewall are well detailed but the main ones were the fact it was disabled by default, the fact that even with it set to use only essential services, some things are not blocked which you won’t really be able to change, and then the fact that the firewall would code sign apps when you listed them even if they weren’t code signed previously. This breaks apps that change their signature as they run, which meant that some people found skype broken as a result of this.

I think the jury is still out on whether or not the firewall is a huge mistake or will be just fine once apple tweaks it a little. it’s just important for the person moving from Tiger to Leopard to know that it is different, and what those differences mean.

I personally prefer the services based approach of the Tiger firewall to the app based approach of the Leopard firewall, and it also appears that ipfw as implemented in Tiger had a lot fewer rough edges than the new firewall does.

More on Leopard Firewall:
Tidbits article
securosis.com article
Apple’s article on the 10.5.1 update

Technorati Tags:
, , ,

November 5, 2007

Innie or Outie?

Filed under: apple, leopard, security, software — Scott @ 1:52 pm

There have been a few articles panicking about Leopard’s firewall changes, but here’s a good one on TidBits that takes a thoughtful and detailed approach to analyzing the health of the Leopard firewall:

http://db.tidbits.com/article/9294

I have to admit, I was a little disappointed by some of the changes to the firewall myself.

Technorati Tags:
, , , ,

Blog at WordPress.com.