Complete disassembly and installation guides for most recent Mac laptops and consumer desktops.

27706 Questions View all

My computer's front door is locked, but my back door is wide open!

For years I’ve felt fairly secure with the security Apple built in requiring a password to access my data. Very few of the general public had any idea how to get past that. Now my backdoor is wide open with no lock. My corporate secrets and eleven herbs and spices that I cook with are open to anyone with a bit of knowledge. My bank codes and passwords can be accessed. My tax information, personal letters, my will are open for public display. My sexual proclivities are exposed, not that I really care about that. I’d like to hear suggestions on how to close that back door or at least protect my user data.

Answered! View the answer I have this problem too

Is this a good question?

Score 7

Comments:

Great Question.

by

Thanks for all the great answers. I wish I could accept them all. This really tough. rdk because that's the first thing I'm going to do.

by

Add a comment

8 Answers

Chosen Solution

This isn't specific to Macs, but one effective and simple approach to keeping your data secure is to disable the broadcast of your SSID (wireless network name). Basically, the idea is, if your wireless network pops up automatically, it's going to get attention. But if your SSID isn't listed (and must be entered manually on a new computer), your network name will not show up in the list at all. There are ways to find networks which don't broadcast their name and hack them just like any other network, but there are so many wireless networks in any given area that realistically, if it's not in the list, very few will go to the effort of seeking it out.

Obviously wireless encryption should be used as well, and if you're feeling inspired, you can even turn on MAC address security, so that your network won't let computers on that don't have MAC addresses which have been pre-registered with the router.

Sorry for the somewhat unrelated post...I just thought it may be relevant, since we're all on wireless networks these days, and if the intruder can't get on the network at all, he certainly won't be getting into the Macs that are on that network.

Was this answer helpful?

Score 8

Comments:

That's a great idea. Only one problem, I have customer's computers in all the time and I need to be able to access my network. Is there a workaround? + vote for the participation

by

Though you really shouldn't be messing with networking and stuff like that unless you know what you are doing, the general idea you are conveying is when you make your network so you can only connect if you know the ssid. Still, not too effective and you need both a pre-shared key and WPA encryption to be secure.

MAC addresses are physical addresses referring to the NIC in the host, it has absolutely nothing to do with routing or anything layer 3 or above. MAC addresses are used by switches (layer 2 devices) for within networks, intranetwork communication, whilst a router and ip addresses are used for internetwork communication. A switch uses a mac table, and a router uses an ip table.

by

rdklinc: thank you for the info on the SSID which I had not thought about recently. That will fix one of my clients issues. I usually use the simple MAC address list for access to my clients wireless to keep a tighter control but they have had some turnovers as of late so the terminating the broadcast will be just right.

rab777hp ease up. mayer, rdklinc and myself all have companies and set up networks for our clients all the time. They are a piece of cake and not something to be scared of. Setting up multi-floor networks for schools and business's are fun and a great mental exercise. But networks are not for the faint of heart. And if you are not comfortable with it I'm sure one of us could guide you.

by

rab777hp, I think I have a pretty good idea what I'm doing...I have more than a few Cisco certifications, and I've built and managed several corporate multi-site wireless networks with RADIUS implementations, used by hundreds of nodes. I'm not referring to enterprise-level stuff here, but rather the home networks that are more likely relevant to this discussion. The features I mentioned are all very simple and basic functions of a typical $20 Linksys WRT54G (which functions as a router AND a switch, by the way), and as I mentioned, they should be used in conjunction with encryption. Hard-coding the Mac address of your laptop and turning off the SSID broadcast are simple steps a home user can take in order to be safe. That's all I'm saying.

by

Great ideas guys, great question Mayer. How do I go about "Hard Coding my Mac address????

by

Show 2 more comments

Add a comment

Well, there are tons, and i mean TONS of ways to get around mac security, passwords can be changed with 2 commands, firmware passwords can be erased with a PRAM/PMU reset, and filevault is a joke. I haven't come up with any way to protect my mac, and keep all of my most important files on my PC, and my MyBook. Anyone who can get their hands on a mac, can bypass it's security, either via network, or physiclly by using the computer.

Was this answer helpful?

Score 4

Comments:

I have a Ubuntu installation on a seperate partition in the two macs i use most (My PowerMac G4, and Mini) and save some important data on that, but mainly use my MyBook to back up all of my computers, and don't connect that, unless I need to use it.

by

That's what I was afraid of, no data is safe. I've cracked system 9 stuff for the FBI and Secret Service years ago but had court orders authorizing it. I'm not looking for top secret encryption, just something to keep the ordinary crooks away. Although some of my customers with sensitive medical and corporate data would like to have higher protection.

by

see my answer below about creating encrypted disk images using Disk Utility, and using 1Password...

by

Add a comment

According to my ISP, WPA2 encryption is the safest right now. From what I was told the WEP encryption is a joke and has been hacked. I became suspicious of being hacked when my modem/router's configurations constantly changed on their own and admin password kept being rejected over and over again as though someone was changing it. When I called my ISP I was told to immediately change my encryption to WPA2, no problems since. I also disabled publishing of my SSID.

Was this answer helpful?

Score 4

Comments:

I've read about this in the past but really never paid any attention to it. I thought it was PC stuff. Do you know of any good links on it? +

by

http://en.wikipedia.org/wiki/WPA2

check this link out. It's pretty thorough.

by

I've done a little more research and it seems that WPA2 is indeed the way to go. It encrypts all wireless transmissions and has not been hacked. This wont resolve all of your security issues but it gives a little safety barrier.

by

yes, it's true, WEP is so, so weak and breakable. Use WPA2 instead

by

Add a comment

here some suggestions to protect your private data

1) use Disk Utility to create an encrypted disk image volume that you can mount after you've logged in - in Disk Utility, click on "New Image" then set up, say, a few hundred MB image, with Encryption turned on (either 128bit or 256bit AES encryption), and set image format to "sparse image". sparse image means that even if you configure a 500MB image, it will only actually consume as much actual disk space as it actually contains, up to a max of 500MB, or whatever

then store any of your sensitive personal data on this image, and be sure to unmount this disk image when you're not at your computer. these disk images will of course automatically unmount whenever you log off.

this disk image can be easily moved/copied to another drive or machine, but contents remain encrypted unless you supply the password when you mount it. I have several such encrypted disk images on my machines each containing various things (e.g. personal files, work files, email database, etc)

whenever you double click the encrypted volume, a dialog box will pop up asking you for the password. Make sure you DON'T check the box that says "remember password in my keychain" - this way if someone guesses/breaks your login password, they can't open your encrypted disk image. of course this means you need to use a different password!

2) turn on File Vault encryption, if you wish (I don't use this, myself)

3) turn on a screensaver, and in System Preferences/Security/General check the box that says to require a password when the screensaver begins. Set your screensaver to turn on after only a short time, to prevent someone from casually accessing your machine when you step away from your desk for a minute. Of course this is not particularly high security but it will help prevent accidental snooping of your disk.

4) in System Preferences/Security/General, check the box to turn on "secure virtual memory" - this encrypts your virtual memory swap files that are written to disk, to prevent someone from recovering data from those off your drive

5) use 1Password - highly , highly recommended way to easily store all your web passwords, online banking passwords, serial numbers, notes, credit card numbers, 11 herbs and spices recipes :) etc etc. This way you don't need to use an easy to guess, simple password that is the same for all your many accounts (like the name of your cat). 1Password can help you generate strong and unique passwords, and then use them with the click of a mouse. The database is encrypted and protected by a master password. Assign a strong password for the master password. There's also a companion iPhone app so you can always have your passwords handy, wherever you go.

Did I mention that I *highly* recommend using 1Password? I can't live without it after using for more than a year now. Seriously - go to the webpage I linked and watch the screencast video to see how to use it. You might not think it's that useful just from first description but try it an you will see (free trial available)

6) even though there are published ways around them, I still turn on firmware password. I also make sure that I turn OFF automatic login (System Preferences/Accounts/Login Items) - even if I am the only user configured on the Mac

Was this answer helpful?

Score 4

Comments:

Wow, there's a lot of information here and its going to take a bit to digest. Thanks so much for your help. +

by

you're welcome! in order of importance I would add start doing #1 right away (it's free) and seriously consider #5 (so, so useful). the others are relatively minor (though easy) things to do.

by

Can I recommend, do NOT, absolutely DO NOT use 1Password? It basically offers no useful features, all it does is offer all your passwords, credit card data, serial numbers, SSN, and everything worth guarding, up in a nice little file for anyone to access once and then you're screwed. It's even a pathetic application, it uses a hack to be a plug-in for safari, which makes it less stable and reliable (you won't know if it'll work after each update) and after I tried to uninstall it, only left some daemons/agents in my system which I have been unable to find after following their [terrible] unintallation instructions, and have spent their time crashing my system, and sending megabytes of log messages to Console.

Really, all you need to do is use cookies or keychains to remember your passwords if that's what you want to do. Just stay away from 1Password, I'm not the only one with issues with it, google it and you'll see some similar stories.

Just don't use 1Password.

by

hey rab777hp, sorry to hear you had problems with 1Password, but I respectfully disagree with your negative comments about it, that's completely opposite to my experience with it on several Macs and to the experience of a lot of others people I know. I've been using it successfully since v2 about 1.5yrs ago and now on v3 with OS X 10.6. and your comment about everything in 1 file, well it's encrypted and do you know that your keychain is also just a single file containing your logins? anyhow again sorry to hear about your problems, I stand by my strong recommendation.I think if people google it they will find many positive reviews and user testimonials. cheers, bac

by

Add a comment

One thing basically: encryption.

First off, PDF files are incredibly easy to encrypt, other files can be encrypted as well, but PDFs are especially easy.

But more important is filevault, the built in encryption for Mac OS X, turn it on, and it will be incredibly difficult for someone to access your files without the password.

Was this answer helpful?

Score 3

Comments:

've worked on systems with FileVault turned on and had great difficulties with repairs and permissions and recovering that data, but maybe that's what you want. + vote

by

I use FileVault and love it. It's a lot more stable in 10.6, but you definitely have maintenance issues from maintaining what is essentially a second file system on your computer. I use DiskWarrior to recover from FileVault corruption, and it's worked like a charm on a number of occasions.

by

Does anyone want to explain why I've been getting so many downvotes on this post?

by

I took back my up vote for the insult.

by

insult?

by

Show 2 more comments

Add a comment

1. Get a PC laptop. Most pc laptops can be secured all the way to the hard drive firmware.

2. If you are running an Intel Mac, install Windows. Install a decent antivirus/antispyware, turn your firewall on then use Windows Bit locker.

That should keep your files safe from most hackers.

Was this answer helpful?

Score 1

Comments:

Fair suggestion. One shouldn't be downvotet for suggesting using Windows. But still - OS-X is light years ahead but a little sloppy in security ;-)

by

I'll give him a upvote for participation. I understand the downvote in a room full of Mac lovers, but we must be a bit more tolerant of the poor PC user now that out beloved macs can now run the dreaded Windows. After all who else can we look down on?

by

He does have a point there, windows web browsers are WAY more secure than mac browsers, such as the ever-so-hackable safari, IE 8 and such go unhacked at pwn2own for one simple reason, cry as you will about features, stability, etc., MS cares about one big thing, security, and they're good at it, unlike Apple, they can get down off their high horses and work on security.

by

But if you're gonna do that, just use Ubuntu or other distro, linux is so much even more secure.

by

Add a comment

Am I the only person who uses http://www.truecrypt.org/? free open source drive encryption , works on virtualy any OS.

Was this answer helpful?

Score 1

Comments:

tell us about it. +

by

Add a comment

here is one horrible thing about 1password i can confirm: if you export any data it does warn you that that data is insecure (you have to secure-delete it!!!).

HOWEVER, it does not warn you that ALL THOSE EXPORTED passwords & logins & items are also COMPLETELY EXPOSED IN YOUR CONSOLE LOG FILES!!!!

That is truly unacceptable - it's bad enough that it's captured as text in the exported files and in the console log files, but IT'S UNCONSCIONABLE THAT 1PASSWORD DOES NOT WARN YOU THAT YOUR DATA IS EASILY EXPOSED in that and several other scenarios -- it doesn't encrypt the URLS and other data, just passwords apparently

so alot of your info is exposed even when you think you're safe. I still like the convenience of 1Password, but the backdoors & security loopholes are crazy ridiculous, especially the lack of warnings and they should include step by step instructions on what to do to cover up their failures.

meanwhile:

does anyone know of a mac friendly GUI for using truecrypt to encrypt entire drives because i have not been able to figure out how to use truecrypt on mac os x 10.4.11 -- all my attempts have failed. it's not user friendly at all.

Was this answer helpful?

Score 0

Comments:

I odn't saw nothing on my log

by

Add a comment

Add your answer

mayer will be eternally grateful.
View Statistics:

Past 24 Hours: 0

Past 7 Days: 0

Past 30 Days: 4

All Time: 2,916