Protecting Private Data
Mac OS X has a number of features designed to protect the confidentiality of your data, whether it is stored in your home directory, travelling across the Internet, or shared locally on your network. The eighth part of this ongoing series will begin with the Mac OS X FileVault.

FileVault
FileVault keeps your documents secure, even if your computer is lost or stolen, by storing them in an encrypted form in your home directory—preventing unauthorised users, applications, or utilities from reading them.

With FileVault enabled, all the information in your home directory is always encrypted. By logging in and authenticating, you provide the key to access your encrypted documents. Documents are decrypted on the fly as you open them and re-encrypted as you save them to disk.

FileVault encrypts files with the robust Advanced Encryption Standard (AES), the same cryptography technology recommended by the USA federal government to secure sensitive documents.

AES uses a 128-bit key length, which means there are 3.4 x 1038 possible keys for FileVault. In addition, AES relies on a symmetric key cryptographic algorithm that turns the data into cipher text using a four-step transformation process.

It performs this transformation 10 times. The result of each pass serves as the origin of the next pass, yielding an encrypted block of data with no known successful method of attack.

Ok, so let’s break this down a little.
In short, FileVault is using USA federal government grade encryption protocols for storing your data on your mac.

Turning on FileVault
Enabling FileVault is really straight forward. Open system preferences, go to the security option and click on the FileVault Button.

Down Sides to using FileVault. Are there any?
Yes – there are downsides to using FileVault. Speed during log-in and log-out for starters. According to other posts, there are a few issues that are yet to be resolved.

These are worthy of a read before making a decision to go ahead and use file vault.

• http://lifehacker.com/software/bitlocker/os-encryption-showdown–
  vistas-bitlocker-vs-macs-filevault-245126.php
• http://www.gizmometer.com/blog/?p=18

Enabling FileVault – How to:
Instructions direct from Apple are here.

Other Security Considerations

Master password
For extra security and control, a master password can unlock your FileVault protected home directory in case you forget or lose your password.

The master password is particularly useful for system administrators who need to keep company data accessible, even if employees forget their passwords or leave the company.

Encrypted virtual memory
Virtual memory is used like random-access memory (RAM) to store temporarily needed information on your disk drive for quick retrieval. This virtual or “swap” memory area can contain important, confidential information.

With Mac OS X, you can encrypt this area of memory so that it remains protected and not visible to others. This optional setting is available in the Security pane of System Preferences.

Private Browsing (Covered in the second article in this series)
The Safari web browser in Mac OS X saves the contents of web pages you open in a cache so that it’s faster to visit them again.

With the optional Private Browsing feature, the history and cached information about your surfing habits are not stored or recorded. This provides a way to keep your surfing habits private and not recoverable later.

In our next article, we are going to focus on a high level view of the layers of Mac OS X security.

Warm Regards,
Scott Malpass
Aquafruit Media.