PDA

View Full Version : Security for stolen laptops



graemie
10th February 2006, 10:33 AM
Hi,

I don't know if anyone is like me, and has heaps of info in my mail program that I would not like to get stolen, like passwords, login accounts, bank statements, info about clients etc... which I would hate to get into the wrong hands if the machine were ever stolen...

I've been really interested in Filevault ever since it was released, but I've never been game to try it, because I've been scared that it will corrupt my files or I won't be able to log back in for some reason. Do you use it? Regularly? How quick is it to encrypt and decrypt?

And what about Knox (http://www.knoxformac.com/). I just read about this today and it looks great, but I just wondered if anyone else uses it and what they thought.

g.

El Guardo
10th February 2006, 12:09 PM
I've long had file vault running and have not noticed any difference in operating speed between it (PB) and a non-vaulted machine (iMac). It takes a while to encrypt everything upon initial activation. Similarly, it takes a while to do the decryption phases when turned off. And both times increase exponentially when there's a significant amount of data. But in terms of day-to-day use, there's no real difference.

I would suggest, though, that's it's not a cure for all your concerns. FileVault is great provided your computer is stolen while turned off, asleep or logged out of. But should someone steal it while you're logged in then everything is still accessible. Hence leaving everything in emails and the like is not a very good idea. One solution might be a recently updated program like Wallet which stores everything in 448-bit protected databases which, in short, aren't hackable. Transfer anything you don't want to lose into there and sleep a little easier thereafter...

cgollner
10th February 2006, 02:06 PM
Is this the Wallet (http://www.waterfallsw.com/wallet/) program that you mentioned?

Chris.

Squozen
11th February 2006, 08:54 AM
Use Filevault. Set your system to require a password when it's switched on, don't just let it boot into your profile. Also set it to require a password after waking from sleep. Back up your important files into an encrypted disk image with a strong password (use Disk Utility for this) and store the image in a separate location.

Of course, most thieves will be stealing your laptop to sell it, not to get your private information, so they'll be trying to wipe the drive ASAP. Doesn't hurt to be careful though.

El Guardo
11th February 2006, 10:51 AM
Originally posted by cgollner@Feb 10 2006, 02:06 PM
Is this the Wallet (http://www.waterfallsw.com/wallet/) program that you mentioned?
Yes.

tintinaujapon
11th February 2006, 12:41 PM
Looking at security from a slightly different angle, there's that software advertised in each month's Australian MacWorld which will 'dial home' the second a stolen laptop is connected to the Net.

Not much good if the drive has been formatted I guess and personally, I'd rather get a new laptop out of insurance if this one were stolen than get back a machine that's been subject to who knows what abuse etc. while being stolen.

cgollner
26th September 2006, 08:17 AM
<div class='quotetop'>QUOTE(Squozen &#064; Feb 11 2006, 08&#58;54 AM) 140698</div>

Use Filevault. Set your system to require a password when it&#39;s switched on, don&#39;t just let it boot into your profile. Also set it to require a password after waking from sleep. Back up your important files into an encrypted disk image with a strong password (use Disk Utility for this) and store the image in a separate location.

Of course, most thieves will be stealing your laptop to sell it, not to get your private information, so they&#39;ll be trying to wipe the drive ASAP. Doesn&#39;t hurt to be careful though.
[/b]

How do you set your Mac to require password when coming out of sleep???

Chris

stefanlod
26th September 2006, 08:55 AM
There are a few things you can do in OF to make you laptop harder for to-be Mac robbers. There are plenty of tutorials available on the net, but the most popular are:

The Banner - you can put in a hidden, personal message when OF is switched on. Handy if the police need to prove the ID even after the HDD has been formatted

High security level - requires you type in your OF password to boot the computer. I personally don&#39;t recommend this one because out of memory, you still have to type in mac-boot after you type in your password.

brentd
26th September 2006, 09:06 AM
<div class='quotetop'>QUOTE(cgollner &#064; Sep 26 2006, 08&#58;17 AM) 218157</div>

How do you set your Mac to require password when coming out of sleep???
[/b]

Its system prefs:
http://www.gallaher.com.au/website/lock.jpg

... also forgot to add
National Security Agency (http://www.nsa.gov/snac/downloads_macX.cfm) guide on locking down 10.3.

I know its a bit old but from memory I think it covers Stefanlod&#39;s suggestions and would be easy enough to translate to 10.4.

Kirium
26th September 2006, 10:56 AM
Speaking of stolen machines, does anyone here use Undercover (http://orbicule.com/undercover/)??

I can&#39;t tell if it&#39;s a gimmic or not..

Coogan
26th September 2006, 12:05 PM
Some useful info on Undercover, it asks and answers most questions:

http://blogs.ittoolbox.com/security/invest...-return-me-7337 (http://blogs.ittoolbox.com/security/investigator/archives/im-a-stolen-laptop-return-me-7337)

AnthoMac
26th September 2006, 12:15 PM
Undercover looks promising&#33; What if the theif does not go online however...

marc
26th September 2006, 12:23 PM
<div class='quotetop'>QUOTE(tintinaujapon &#064; Feb 11 2006, 12&#58;41 PM) 140738</div>

Looking at security from a slightly different angle, there&#39;s that software advertised in each month&#39;s Australian MacWorld which will &#39;dial home&#39; the second a stolen laptop is connected to the Net.

Not much good if the drive has been formatted I guess and personally, I&#39;d rather get a new laptop out of insurance if this one were stolen than get back a machine that&#39;s been subject to who knows what abuse etc. while being stolen.
[/b]
I&#39;m pretty sure Undercover (http://orbicule.com/undercover/) had a way to firmware lock drive formatting. Brilliant idea for an app, and it looks like it&#39;s been really well executed.

Theft Sensor (http://orbicule.com/theftsensor/) is kinda fun too.

brentd
26th September 2006, 12:56 PM
<div class='quotetop'>QUOTE(marc &#064; Sep 26 2006, 12&#58;23 PM) 218222</div>

Theft Sensor (http://orbicule.com/theftsensor/) is kinda fun too.
[/b]

:D
brilliant - they should of gone with the turning on car alarm &#39;blip, blip&#39;, when turning it on Theft Sensor.

Repulse
26th September 2006, 02:56 PM
<div class='quotetop'>QUOTE(brentd &#064; Sep 26 2006, 12&#58;26 PM) 218235</div>

:D
brilliant - they should of gone with the turning on car alarm &#39;blip, blip&#39;, when turning it on Theft Sensor.
[/b]

That&#39;s actually what they&#39;ve done with iAlertU. See here (http://www.youtube.com/watch?v=KkAtRfA1UXc). Pretty good aye? :)

pipsqeek
26th September 2006, 03:00 PM
All the security in the world aint going to help.

If someone wants something, they&#39;ll take it.

If they really want it that bad. They&#39;ll replace the HDD. :) And raid the original one via an external enclosure or some other means.. if that&#39;s their intent.

pipsqeek

roll_n_yaw
26th September 2006, 04:52 PM
Why not just remove all personal information to one of those encrypted jumpdrives and keep it in a safe place?

I have heard they utilise biometrics, 128 bit encryption cobined with a 50 attempt at the key limit, to stop brute force cracking, after which the drive is scrambled.

They also pop up with users details when inserted so someone who finds it can do the right thing and send it back to rightful owner.

Dont ask me who makes it, I only know it exists, maby sony make one.... I think.