This is the third part in the 3 part series on Apple ID & iCloud. This part touches on enterprise specific aspects.
Here are the links to Part 1 & Part 2.
encryption
Simple steps for securing your Mac
Continuing on from the previous post, where we learnt to secure our iOS devices, we will now apply similar steps on the Mac.
The security of a computer is easy to maintain if physical access to the device is restricted to yourself as far as possible. If any unauthorised person has physical access to your computer then all bets on security are off. While it’s easy for us to say that no one else is going to use the computer, one must always take some precautions. The following are just some of the steps one could take to secure their Mac.
User Accounts
This is the simplest way of ensuring very basic security. If more than one person is using a Mac one can have different accounts for each user. The account type that can be used for other users are:
- Standard Users: This is a basic account that is used everyday. This accounts limits the user to his own files & folders only. The user has the option to install applications too.
- Managed Users: They are standard users with restrictions. An administrator can specify what the user can or cannot do. This includes time limits, restrictions on applications & websites.
- Guest User: This is the simplest of the lot. Good for people who wish to access their emails & leave no data behind.
User Account Password
This is the simplest form of security. It is the password that you use to login to the computer. Having a strong password goes a long way in securing your Mac.
Setting a password
A password to your account will very likely be set when it was first created.
Changing the password
This can be changed at any point in time.
- Open System Preferences
- Click on Users & Groups
- If necessary unlock the padlock icon and authenticate as the administrator on your Mac.
- Select your user account
- On the right hand side click on change password
The other approach towards changing the password is:
- Open System Preferences
- Click on Security & Privacy
- Click on the General tab
- Click on the “Change Password” button next to the sentence: “A login password has been set for this user”
Note: for both the approaches you must know your existing password.
To create a strong password use the built in Password Assistant
Encrypted Disk Images
This offers a convenient approach towards storing your files securely. Disk Images are created using Disk Utility. To create encrypted disk images:
- Open Disk Utility. It’s located in the Applications > Utilities folder.
- Click File > New > Blank Disk Image.
- Don’t select the ‘Disk Image from Folder ‘ option.
- Specify the size of the image.
- In the Image Format select ‘Read/Write’
- Under security select the level of encryption desired.
- Provide a name and click create.
- Choose where you wish to save the disk image, provide an appropriate password.
- Once the image is created, open the image.
- It mounts as a virtual disk, you will be prompted to enter the password you set earlier.
- Now you can add files you wish to secure.
- Once you are done simply eject the volume.
- The next time you wish to access the files simply open the image and authenticate with the password.
This ensures that your information is completely safe.
Firewall
The firewall option is nice if you want to secure your communications over the network. From here you can control which applications can communicate over the internet or receive communications over the network. Simply turn on the Firewall & control access to the computer.
To customise the access to a network:
- Click on Firewall Options
- You can then click on the +/- buttons to add or remove applications from your firewall list. You can also modify whether a particular application is blocked.
FileVault
Disk images provide the option of securing some of your files. But what if there is a lot of secure information that you have? Disk images maybe used but it can become tedious if there are too many files. In such situations using FileVault to secure your files is preferable.
FileVault encrypts your main partition, that is, the partition from where you boot your OS from. Most users would have a single partition on their disk, for them it would mean that FileVault encrypts the whole hard disk. So anything you create on the encrypted partition is automatically secured.
To turn on FileVault:
- Open System Preferences > Security & Privacy > FileVault Tab.
- Click ‘Turn on FileVault’.
- Authenticate as the administrator if necessary.
- You will be asked where you wish to save the ‘Recovery Key’? This key is important because you would need the recovery key to reset your account password if all administrator users forget their password.
- You can choose to save it to your iCloud Account
- Click continue.
- Choose the users who will have the privilege of decrypting the system for daily use.
- Click Continue.
- Click Restart to start the Encryption process.
Logout & Sleep
If you are leaving the computer idle or unattended for a period of time, then it is a good idea to make sure that the computer itself is locked automatically. These settings can easily be set from System Preferences:
- Open System Preferences > Security & Privacy
- Click on the General Tab.
- Check the box for “Require password after sleep or screen saver begins“. This way the user will have to enter his/her password to start using the computer again. Specify the time duration after which this can happen.
- Click on “Advanced“
- Select the check box to log out after a certain period of inactivity. Specify the time duration.
Find My Mac
This feature has more to do with locating a device that is missing. While it is called Find My Mac, one can locate both OS X as well as iOS devices. There are a few things to keep in mind:
- All the devices to be tracked should be signed in with the same Apple ID.
- The device must be connected to the Internet.
Setting up Find My Mac is easy:
- Open System Preferences > iCloud.
- Make sure you are signed in.
- On the service list, located on the right hand side, scroll down to the checkbox for Find My Mac.
- Select the checkbox for Find My Mac if it is not already selected.
- You may need to grant access to location services.
Locating a device using Find My Mac:
- On any computer visit www.icloud.com
- Sign in with the same Apple ID/iCloud ID you had signed in with on your Mac.
- Once you log in click on the Find My iPhone app. Remember, even if it is called Find my iPhone, you can search for any iOS or OS X device.
- The page should now load with a map of all your devices which are currently online.
- You can select a specific device & perform various actions such as: Play Sound, Lock Device, Erase Device. Select the activity appropriate for your needs.
Privacy
it is possible to restrict access to a particular set of data on your Mac. Through the privacy tab within System Preferences > Security & Privacy.
From here once can give access to your data at an application level. The kind of data that can be moderated are:
- Contacts
- Calendar events
- Location
- Reminders
- Facebook/Twitter credentials
Certain resources such as Location & Diagnostics are controlled by the administrator.
Firmware Password
A Firmware Password is a Logic Board level password. The main purpose of a Firmware Password is to prevent unauthorised modification of the startup process of a Mac. It doesn’t secure your data. But it makes sure that no one can gain access to your computer by changing the boot sequence. It becomes difficult for people to boot your Mac off a network or an external disk.
The process of setting up a Firmware Password is a bit technical. Please consult with a member from the IT Department of your company or contact an Apple Certified Support Professional. You can also approach an Apple Authorised Service Centre for the same. If you have forgotten one, then you will have to approach an Apple Authorised Service Centre for the same. Here are the steps.
Managing all your data on your Mac
One of the single most important aspects of using a computer is Data Management. In this article I will be going over the various features available & steps that you can take to manage your data in a safe, secure & efficient way.
BACKUP
It happens ever so often that we are faced with a situation where we need a file to which we no longer have any access to. The reasons may be varied: lost computer, damaged or lost hard drive, accidental deletion. While there are applications that do retrieve lost files, they only work if the storage media is available & do not guarantee 100% recovery. The best solution to this is to backup your data.
The most common approach used is to manually copy the file onto an external storage. While this is easy, it can be tedious for the user & is error prone.
One of the easiest solutions is to use a backup tool called Time Machine. This is built right into OS X. You don’t need to install anything new. Just connect the hard drive where you would want to store all your backups. The OS will periodically backup all your data every hour as long as your backup drive is connected to the Mac. Many a times you are prompted to choose an external drive for backup, but that pops up only when you connect a new hard drive or a hard drive which isn’t used for backup.Once you have this activated you can then navigate back in time (just as you would expect from a time machine) and look for a file that you have lost.
Steps to Backup using Time Machine:
1) Connect the Hard drive you want to use as a backup destination.
2) Click on System Preferences > Time Machine to customise your backup.
3) Click on Options to select the folders to exclude from Time Machine Backups.
There are other third party tools which you could use if you wish. Retrospect and Carbon Copy Cloner are 2 of the many 3rd party tools available for this.
SYNCHRONISATION
In todays world most of us are using more than one device for our daily activities. This means that we would like to have most of the information on all the devices. This can be achieved through various applications that are available to manage our portables such as smart phones & tablets. But by far the easiest approach is to take advantage of Cloud Services.
If you have an iPhone &/or an iPad which you use along with your Mac then the best service for this is iCloud. However if you use a mix of platforms such as Android or Windows for your smart phones & tablets then using any third party service such as Google Drive, Drop Box, OneDrive will help you ensure that your information is available via the cloud across all devices.
Steps to turn on iCloud Services on your Mac:
1) Click on System Preferences > iCloud.
2) Sign in with your iCloud ID & password.
3) You should come to the iCloud panel where you can configure different iCloud Services.
4) Select the different content you want managed under iCloud.
SECURITY
This is one area which is increasingly gaining more importance. An important aspect of data management is keeping your data secure. While there is no such thing as a completely secure computer, one can definitely take steps to make sure that one’s information is kept as secure as possible.
ACCOUNT PASSWORDS: This is probably your first line of defence. Having a good strong password goes a long way in securing your data. There is a nice built in tool that evaluates & rates the passwords that you create, called as password assistant.
Password Assistant can be found on any screen within the Mac that prompts for a Password. Like the screen shot below when we are creating a new user for the Mac.
The key icon is to be clicked to launch Password Assistant.
The Password Assistant itself gives you a lot of options when it comes to choosing your password type.
Use the drop down to select the password type.
KEYCHAIN ACCESS NOTES: Keychain access is a builtin application that manages your secrets such as passwords, keys & certificates. There is also an option to save a note. Information within the note is saved in an encrypted way thereby securing it.
ENCRYPTION: This is the most secure way of saving information. There is a builtin encryption feature called FileVault which encrypts all the data on your system. There are 3rd party tools that can do this for you too: GPG, AES Crypt, PGP to name a few.
Once can use a combination of the 3 or all 3 depending on the level of security required. It is also a good idea to keep your backup secure. Securing your computer but not the backup is a bad idea.
STORAGE
Yet another common issue that a lot of us face. Most computers that have come in over the past few years offer very large built in storage space & in most cases it is sufficient. But with the growing number of photographs, movies & songs we often find that space on our computers isn’t sufficient. This is not an easy problem to solve.
A simple approach is to keep only those things we require on the Mac. Also using cloud services to store information that we don’t need to access frequently is a good idea. Compressing data using zip files is also a good approach. But a better option, especially for large amounts of data, is to compress them into ReadWrite disk images. External storage can also be considered for placing extra data.
One area where storage management is not looked at but is equally important is related to the backup drive. Overtime as your backup drive fills up it starts removing older backs (in case of Time Machine). To ensure you have as long a history of backups, make sure that you only backup those things that you need. For example there isn’t a pressing need to backup all the OS files & applications, one can reduce the backup size by eliminating unnecessary items from the backup.
Arun Patwardhan's Blog 