10.5: Insure that Time Machine runs on FileVault accounts
Authored by: noworryz on Nov 30, '07 04:20:56PM

The guidelines NSA publishes are for government and industry and they cover confidential but not Top Secret information, which is stored under much stricter rules. In other words, the guidelines are not for "NSA-level" security but rather recommendations for the configuration and use of computers containing sensitive data.

Users concerned about the cost and embarrassment of data theft should consider the NSA guidelines. To provide protection against a sophisticated and well-funded hacker (but not one with unlimited government resources), users can:

  1. Choose a strong password for their secure accounts with the aid of Apple's password assistant.
  2. Enable FileVault for secure accounts.
  3. Disable automatic login (in Security preferences).
  4. Enable secure virtual memory (in Security preferences).
  5. Enable the firewall (in Security preferences).
  6. Log out of secure accounts when not using them (and not assume that sleeping with the screen locked or switching accounts with Fast User Switch are equivalent to logging out).
  7. Avoid executing untrusted, especially downloaded, applications.

If all of the above guidelines are followed, secure accounts on a stolen computer are probably safe, in that no exploits are generally known.

Time Machine will not back up a secure account when the user is logged in or when no user at all is logged in, but will back it up when the user is in the process of logging out. If connecting a USB or FireWire disk is not practical when logging out of a secure account, creating a "backup" non-FileVault, non-admin account with limited privileges is a convenient way to allow backups later, with minimal risk to security. Logging in to such an account, with a USB or FireWire disk connected, will allow Time Machine to back up all secure and insecure accounts.
