An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Page 1 of 2 1 2 >
Topic Options
#24915 - 02/04/13 12:07 PM ENCRYPTION???
plantsower Offline


Registered: 09/13/09
Loc: Burson, CA
I have some sensitive info on my Macbook Pro's desktop in stickies. Would encryption via file vault protect it? Or by encrypting the hard drive via control click and choose the encrypt feature?

Also, if I keep my password in the keychain, couldn't someone get that anyway by going to the keychain?

My concern is about hackers, not real time people.

Thanks.

Rita

Top
#24916 - 02/04/13 01:01 PM Re: ENCRYPTION??? [Re: plantsower]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
Hackers as in someone getting access to your Mac over the Internet?
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#24918 - 02/04/13 01:41 PM Re: ENCRYPTION??? [Re: tacit]
plantsower Offline


Registered: 09/13/09
Loc: Burson, CA
Yes.

Originally Posted By: tacit
Hackers as in someone getting access to your Mac over the Internet?
_________________________
MacBook Pro - Sierra 10.12.6, Safari 11.1




iPhone 5s Version 9.3.2 iTunes 12.4.0.119

Top
#24925 - 02/04/13 06:04 PM Re: ENCRYPTION??? [Re: plantsower]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
You can encrypt your hard drive, but it's unlikely to be anything more than a placebo. It's unlikely anyone will "hack into" your Mac, but if they do, they'll do it by tricking you into downloading malicious software that lets them in. And if you do that, encrypting your hard drive won't help, because they can only get in when your Mac is up and running...and the hard drive is not encrypted because you've entered the password! (Encrypting the hard drive is designed to protect from someone stealing your computer.)

If you want to protect yourself from people hacking into your computer, don't download malware, and connect your computer to the Internet through a firewall (like a router, for instance).
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#24926 - 02/04/13 06:26 PM Re: ENCRYPTION??? [Re: tacit]
plantsower Offline


Registered: 09/13/09
Loc: Burson, CA
Thanks, Tacit. I have a router so I guess I'm set. I order a lot of stuff off of the internet and I have had identity theft three times. I thought maybe they got into my computer, but they probably were working for one of the companies I buy from, I guess. Not sure.

Thanks again.

Rita
_________________________
MacBook Pro - Sierra 10.12.6, Safari 11.1




iPhone 5s Version 9.3.2 iTunes 12.4.0.119

Top
#24927 - 02/04/13 10:30 PM Re: ENCRYPTION??? [Re: plantsower]
artie505 Online


Registered: 08/04/09
Hi, Rita,

Just to be certain, navigate to /Apps/SysPrefs > Security > Firewall (That's the path in 10.6.8, anyhow.) and make sure your firewall is turned on.
_________________________
The new Great Equalizer is the SEND button.

Top
#24928 - 02/05/13 06:35 AM Re: ENCRYPTION??? [Re: artie505]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: artie505
...make sure your firewall is turned on.

It's generally not a good idea to run a router's firewall together with the one built into Mac OS X. The two firewalls tend to interfere with each other and that may cause problems. While it's easy enough to switch Mac OS X's software firewall on or off via the Security prefpanel (System Prefs), that's a bit more convoluted with the hardware firewall found in routers. Personally, I prefer a router's hardware firewall over the software version offered by Mac OS X.

That said, a utility like WaterRoof (freeware) provides a user frontend for MacO OS X's firewall, allowing easier access to a variety of settings. It's important in this context to realize that firewalls focus primarily on monitoring and controlling incoming connections. To monitor and control outgoing connections, Little Snitch (commercial) is recommended.
_________________________
alternaut moderator

Top
#24929 - 02/05/13 07:10 AM Re: ENCRYPTION??? [Re: alternaut]
artie505 Online


Registered: 08/04/09
Useful, helpful post... Thanks! smile

I was unaware that there may be a conflict between the two firewalls.

I've run Little Snitch for years, and I'll now check out WaterRoof (Thanks for the link.) to supplement OS X's firewall. (Any particular reason you prefer a router's firewall over OS X's, which I've been led to believe is pretty robust?)

Back to business, though, will Rita's router's reinforced, robuster ( shocked ) firewall be automatically turned on, or does she need to check her settings to ensure that she's not being mistakenly complacent?

Edit: I just d/l'ed WaterRoof (via MacUpdate), and I must say that the screenshot posted by its dev is among the most daunting I've ever seen.

Also, WR is donationware. (PayPal & Bitcoins)
_________________________
The new Great Equalizer is the SEND button.

Top
#24933 - 02/05/13 10:00 AM Re: ENCRYPTION??? [Re: artie505]
plantsower Offline


Registered: 09/13/09
Loc: Burson, CA
Artie, thanks! My firewall was off! All the stuff Alternaut said just confused me (thanks for responding, though Alternaut). I have my router and I turned on my OS firewall. If I have any problems, I will revisit this post.

Thanks again.

Rita

Originally Posted By: artie505
Hi, Rita,

Just to be certain, navigate to /Apps/SysPrefs > Security > Firewall (That's the path in 10.6.8, anyhow.) and make sure your firewall is turned on.
_________________________
MacBook Pro - Sierra 10.12.6, Safari 11.1




iPhone 5s Version 9.3.2 iTunes 12.4.0.119

Top
#24934 - 02/05/13 10:42 AM Re: ENCRYPTION??? [Re: artie505]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: artie505
- Any particular reason you prefer a router's firewall over OS X's ... ?

- ...will Rita's router's reinforced, robuster ( shocked ) firewall be automatically turned on... ?

- Hardware firewalls are OS-independent, not vulnerable to malicious attacks, and faster due to their dedicated hardware, while software firewalls aren't. On the down side, hardware firewalls are more expensive and subject to 'single point of failure' disruption of your internet connection. For details, see Firewalls – Overview and Best Practices.

- Most (if not all) routers come with their (hardware) firewalls ON by default. Software firewalls, like those provided by the OS, tend to be OFF by default (this may be related to the ubiquitousness of routers and their hardware firewalls). I consider this difference a minor point.
_________________________
alternaut moderator

Top
#24935 - 02/05/13 11:13 AM Re: ENCRYPTION??? [Re: plantsower]
artie505 Online


Registered: 08/04/09
alternaut's posts suggest that your router's firewall is turned on, and that your having turned on your OS X firewall in addition may cause you problems.

I suggest that you go into your router's settings and check to see if its firewall is on, and if it is, turn one of the two off...your call, based on your take on alternaut's posts.

> If I have any problems, I will revisit this post.

If you have any problems, it will be too late to revisit this thread.
_________________________
The new Great Equalizer is the SEND button.

Top
#24937 - 02/05/13 12:09 PM Re: ENCRYPTION??? [Re: artie505]
plantsower Offline


Registered: 09/13/09
Loc: Burson, CA
LOL! That made me laugh! Not because it's not true. smile

How do I check my router's settings?

Rita

> If I have any problems, I will revisit this post.

If you have any problems, it will be too late to revisit this thread. [/quote]
_________________________
MacBook Pro - Sierra 10.12.6, Safari 11.1




iPhone 5s Version 9.3.2 iTunes 12.4.0.119

Top
#24938 - 02/05/13 12:10 PM Re: ENCRYPTION??? [Re: alternaut]
plantsower Offline


Registered: 09/13/09
Loc: Burson, CA
I have no preference. I know nothing about firewalls. And I probably won't read up on them because it will make my eyes cross. Just needed a simple answer. Thanks. smile

Rita

[quote=alternaut][quote=artie505]- Any particular reason you prefer a router's firewall over OS X's ... ?
_________________________
MacBook Pro - Sierra 10.12.6, Safari 11.1




iPhone 5s Version 9.3.2 iTunes 12.4.0.119

Top
#24939 - 02/05/13 12:18 PM Re: ENCRYPTION??? [Re: alternaut]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: alternaut
It's generally not a good idea to run a router's firewall together with the one built into Mac OS X. The two firewalls tend to interfere with each other

[citation needed]

(I've never heard of that)
_________________________
I work for the Department of Redundancy Department

Top
#24940 - 02/05/13 12:21 PM Re: ENCRYPTION??? [Re: Virtual1]
plantsower Offline


Registered: 09/13/09
Loc: Burson, CA
In your opinion, which is the best way to go?

Rita


Originally Posted By: Virtual1
Originally Posted By: alternaut
It's generally not a good idea to run a router's firewall together with the one built into Mac OS X. The two firewalls tend to interfere with each other

[citation needed]

(I've never heard of that)
_________________________
MacBook Pro - Sierra 10.12.6, Safari 11.1




iPhone 5s Version 9.3.2 iTunes 12.4.0.119

Top
#24943 - 02/05/13 02:32 PM Re: ENCRYPTION??? [Re: Virtual1]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: Virtual1
- [citation needed]

FWIW, the first link I provided in post # 24928 above gives you Bob LeVitus opinion on the matter, albeit without explanation. I'll post more if I find something relevant.

Apart from opinions, the main reason not to run two firewalls in sequence is that both firewalls can have different and conflicting rule sets enabled. In the best case (both with default settings), likely nothing untoward will happen, other than that the software firewall is entirely superfluous, wasting CPU cycles and slowing data passage in the process.
When the issue is blocking certain access, two firewalls may duplicate each other, with the 2nd one effectively idled by the first, or the second one filters what the first one wasn't set to do.
When allowing special access, port forwarding etc., both firewalls need to be exactly in tune, or the access is disabled. When such an access issue is encountered, it pays to see if both firewalls are enabled, and to check if turning one off changes the dynamic.

The main reason to use both kinds of firewall in tandem is that you could then set different rules between computers within a network that uses a common router/hardware firewall to protect the entire network's access to the Internet. But this is not standard procedure for a small, private network, while the hardware firewalls that are used for this purpose often have more options and capabilities than a router for home use.
A reason a home user might have both firewalls enabled is when, for example, the router is harder (or impossible) to configure for a specific purpose than the OS firewall, allowing a special config to be handled by the OS (assuming it can do that). In the latter case, a good front end to the OS firewall would help, as software firewalls tend to be hard to configure.
In the end, however, even hardware firewalls rely on software, but their advantage comes from the dedicated hardware it runs on, and the fact that it's OS independent. Of course, if any of the software involved is flaky, all bets are off.
_________________________
alternaut moderator

Top
#24944 - 02/05/13 02:50 PM Re: ENCRYPTION??? [Re: artie505]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: artie505
I just d/l'ed WaterRoof (via MacUpdate), and I must say that the screenshot posted by its dev is among the most daunting I've ever seen.

Also, WR is donationware. (PayPal & Bitcoins)

The IPFW type firewall used by Mac OS X thru Snow Leopard has been deprecated for the IP type used in Lion and Mountain Lion. Despite this, both types can still be used in Lion and Mountain Lion. The WaterRoof front end is intended for the older IPFW firewall. A simpler version is provided by NoobProof. A front end for the newer IP firewall is provided by IceFloor. As you noted, the utilities listed here are donationware.
_________________________
alternaut moderator

Top
#24945 - 02/05/13 02:52 PM Re: ENCRYPTION??? [Re: alternaut]
artie505 Online


Registered: 08/04/09
> FWIW, the first link I provided in post # 24928 above gives you Bob LeVitus opinion on the matter, albeit without explanation.

Does the fact that your linked doc was written 5-7 years ago affect its current relevance?
_________________________
The new Great Equalizer is the SEND button.

Top
#24946 - 02/05/13 02:53 PM Re: ENCRYPTION??? [Re: plantsower]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: plantsower
How do I check my router's settings?

That depends on the make/model router you've got. If you'll let us know we can provide some more info.
_________________________
alternaut moderator

Top
#24947 - 02/05/13 02:56 PM Re: ENCRYPTION??? [Re: artie505]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: artie505
Does the fact that your linked doc was written 5-7 years ago affect its current relevance?

A doc about Mountain Lion written 5-7 years ago? LeVitus must have been clairvoyant... smirk
_________________________
alternaut moderator

Top
#24948 - 02/05/13 03:31 PM Re: ENCRYPTION??? [Re: alternaut]
plantsower Offline


Registered: 09/13/09
Loc: Burson, CA
It's a Belkin. But if it means I have to deal with that unit or hook my computer up to it, forget it. It's in a high-up, awkward place and I don't want to deal with it.

Rita

Originally Posted By: alternaut
Originally Posted By: plantsower
How do I check my router's settings?

That depends on the make/model router you've got. If you'll let us know we can provide some more info.
_________________________
MacBook Pro - Sierra 10.12.6, Safari 11.1




iPhone 5s Version 9.3.2 iTunes 12.4.0.119

Top
#24949 - 02/05/13 03:32 PM Re: ENCRYPTION??? [Re: alternaut]
plantsower Offline


Registered: 09/13/09
Loc: Burson, CA

confused blush I don't think we speak the same language. smile Rita



Originally Posted By: alternaut
Originally Posted By: Virtual1
- [citation needed]

FWIW, the first link I provided in post # 24928 above gives you Bob LeVitus opinion on the matter, albeit without explanation. I'll post more if I find something relevant.

Apart from opinions, the main reason not to run two firewalls in sequence is that both firewalls can have different and conflicting rule sets enabled. In the best case (both with default settings), likely nothing untoward will happen, other than that the software firewall is entirely superfluous, wasting CPU cycles and slowing data passage in the process.
When the issue is blocking certain access, two firewalls may duplicate each other, with the 2nd one effectively idled by the first, or the second one filters what the first one wasn't set to do.
When allowing special access, port forwarding etc., both firewalls need to be exactly in tune, or the access is disabled. When such an access issue is encountered, it pays to see if both firewalls are enabled, and to check if turning one off changes the dynamic.

The main reason to use both kinds of firewall in tandem is that you could then set different rules between computers within a network that uses a common router/hardware firewall to protect the entire network's access to the Internet. But this is not standard procedure for a small, private network, while the hardware firewalls that are used for this purpose often have more options and capabilities than a router for home use.
A reason a home user might have both firewalls enabled is when, for example, the router is harder (or impossible) to configure for a specific purpose than the OS firewall, allowing a special config to be handled by the OS (assuming it can do that). In the latter case, a good front end to the OS firewall would help, as software firewalls tend to be hard to configure.
In the end, however, even hardware firewalls rely on software, but their advantage comes from the dedicated hardware it runs on, and the fact that it's OS independent. Of course, if any of the software involved is flaky, all bets are off.
confused
_________________________
MacBook Pro - Sierra 10.12.6, Safari 11.1




iPhone 5s Version 9.3.2 iTunes 12.4.0.119

Top
#24950 - 02/05/13 04:42 PM Re: ENCRYPTION??? [Re: alternaut]
artie505 Online


Registered: 08/04/09
My mistake... I blew past the #24928 ref and looked at the doc linked in #24934, which is years old:

Quote:
© Copyright Decipher Information Systems, 2005. All rights reserved.
The information in this publication is furnished for information use only, does not constitute a commitment from Decipher Information Systems of any features or functions discussed and is subject to change without notice. Decipher Information Systems assumes no responsibility or liability for any errors or inaccuracies that may appear in this publication.
Last revised: June 2006

blush
_________________________
The new Great Equalizer is the SEND button.

Top
#24951 - 02/05/13 04:45 PM Re: ENCRYPTION??? [Re: plantsower]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: plantsower
It's a Belkin. But if it means I have to deal with that unit or hook my computer up to it, forget it. It's in a high-up, awkward place and I don't want to deal with it.

Your Mac is already connected with your router, or it wouldn't do you any good, would it? However, many routers need to be connected with an ethernet cable to be configured, even when you intend to use it as a wireless router, so that may be an issue.

Routers are usually configured via built-in setup pages, which you can access with a web browser on your Mac. You do that by entering the setup page address in your browser's address bar, the same way you would surf to a web site by typing in its web address. Belkin routers use http://192.168.2.1 as address. That will bring you to the login screen. By default, there is no password, so you can just hit Return to proceed, but you can set one (recommended). You may find more detailed instructions for the various configuration options (and where to find them) via this Belkin Support page.
_________________________
alternaut moderator

Top
#24953 - 02/05/13 06:26 PM Re: ENCRYPTION??? [Re: alternaut]
plantsower Offline


Registered: 09/13/09
Loc: Burson, CA
Yes, it's connected to the router wirelessly but I meant physically I don't want to bother. I will click on that link you gave me. Thanks a lot.

Rita


Originally Posted By: alternaut
Originally Posted By: plantsower
It's a Belkin. But if it means I have to deal with that unit or hook my computer up to it, forget it. It's in a high-up, awkward place and I don't want to deal with it.

Your Mac is already connected with your router, or it wouldn't do you any good, would it? However, many routers need to be connected with an ethernet cable to be configured, even when you intend to use it as a wireless router, so that may be an issue.

Routers are usually configured via built-in setup pages, which you can access with a web browser on your Mac. You do that by entering the setup page address in your browser's address bar, the same way you would surf to a web site by typing in its web address. Belkin routers use http://192.168.2.1 as address. That will bring you to the login screen. By default, there is no password, so you can just hit Return to proceed, but you can set one (recommended). You may find more detailed instructions for the various configuration options (and where to find them) via this Belkin Support page.
_________________________
MacBook Pro - Sierra 10.12.6, Safari 11.1




iPhone 5s Version 9.3.2 iTunes 12.4.0.119

Top
Page 1 of 2 1 2 >

Moderator:  alternaut, dkmarsh, joemikeb