For urgent issues and immediate concerns, please contact the HITS Service Desk at 734-936-8000. We're available 24 hours a day, 7 days a week.
"Stolen laptop contained Social Security numbers"
"Laptop thieves compromise personal information"
"Health Center Laptop Stolen; 6000 Affected"
The headlines above are all real. The risks associated with a stolen laptop often far outweigh the value of the hardware itself: loss of privacy, regulatory problems, and embarrassment are all real consequences, and all could have been easily avoided with software included with the operating system.
With the release of Panther, Apple introduced a new encryption feature called FileVault. While the potential for this feature is high, there are some downsides that cannot be ignored if you wish to use it. In this paper, MSIS hopes to address both sides of the issue and ultimately answer the question "Is FileVault something that I should use?"
FileVault uses 128-bit encryption to secure a user's home directory with no user interaction required. It stores the user's home directory as an encrypted disk image. When the user successfully logs in, FileVault mounts the disk image in place of the usual home directory. All disk activity in this protected directory is encrypted and decrypted on the fly as needed. At logout, FileVault unmounts the image and the entire directory becomes one disk image file again. Thieves and hackers cannot open the encrypted disk image without knowing the password.
Because FileVault integrates so closely with the operating system and does its work "in place", users do not need to do anything different or special to encrypt their files. Applications do not need to be aware of the encryption because it is all handled by the operating system.
FileVault was designed with laptop security in mind. It provides extraordinary protection against offline attacks. Thieves will be able to boot the machine but will not be able to read any of the data in a FileVault-protected home directory without also knowing the user's password. Even if they removed the drive and copied the data to another machine, they would still need to know the FileVault password to open the encrypted disk image. 128-bit AES encryption is quite strong, and it is highly unlikely that a thief will break the encryption itself.
FileVault also provides some protection against online attacks. While the machine is online, encrypted home directories will not be vulnerable to viruses or hacking as long as the user is not logged in. This may not be a common scenario, but it may provide some measure of protection for machines that act as servers as well as workstations.
128-bit AES encryption is strong, but the password that unlocks it is susceptible to brute-force guessing attacks. Because of this, a good strong password (or even a passphrase) is recommended. An easy-to-guess password, or a password left casually on a sticky note, would provide an easy way in for thieves. On the flip side, if a password is lost, there is absolutely no way to recover the data (unless you have set a master password and have not lost that password as well; more on that later). Users must choose passwords that are easy to remember but difficult to guess.
The nature of how FileVault works also leaves it susceptible to attacks while the user is still logged in. It is secure only when the user is not logged in and the disk image is unmounted. This requires a few extra measures to ensure that a password is required for access. For example, a screen saver and sleep password should be required to prevent access during the short periods the user is away from the computer. Automatic login should not be turned on.
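An audit helper for the two settings the article requires alongside FileVault (password on wake from screen saver or sleep, automatic login off), added here as an example and not taken from the article or from Apple. It assumes the preference keys com.apple.screensaver askForPassword and com.apple.loginwindow autoLoginUser as found on Mac OS X of that era, and performs the live read only when run with --live on a Mac, so the check logic itself can be exercised anywhere:

```shell
#!/bin/sh
# Added audit helper (not part of the original MSIS article).
# Assumed preference keys (Mac OS X of the FileVault-1 era):
#   com.apple.screensaver askForPassword           (1 = password required on wake)
#   /Library/Preferences/com.apple.loginwindow autoLoginUser (set = auto-login on)

# Pure check: takes the two raw values so it can be tested without macOS.
# Prints one line per finding; returns 0 only when both settings are safe.
evaluate_settings() {
    ask_for_password="$1"   # "1" or "0"; empty if never set, which behaves as 0
    auto_login_user="$2"    # user name when auto-login is on, empty when off
    status=0
    if [ "$ask_for_password" = "1" ]; then
        echo "OK   screen saver/sleep requires a password"
    else
        echo "FAIL no password on wake: a logged-in home directory stays decrypted"
        status=1
    fi
    if [ -z "$auto_login_user" ]; then
        echo "OK   automatic login is off"
    else
        echo "FAIL automatic login is on for '$auto_login_user': FileVault unlocks at boot"
        status=1
    fi
    return $status
}

# Reads the live values with defaults(1); only meaningful on a Mac.
# A key that was never set reads as empty, which evaluate_settings treats as unsafe.
collect_and_evaluate() {
    ask=$(defaults read com.apple.screensaver askForPassword 2>/dev/null)
    auto=$(defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null)
    evaluate_settings "$ask" "$auto"
}

# Live audit only when explicitly requested on a Mac (uname reports Darwin).
if [ "$(uname)" = "Darwin" ] && [ "${1:-}" = "--live" ]; then
    collect_and_evaluate
fi
```

Run it as `sh filevault_audit.sh --live` on the machine being checked; a non-zero exit means at least one of the two settings leaves the mounted home directory exposed.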
Although FileVault prevents unauthorized access of protected data, there are areas of the hard drive that are not protected. Users will need to remain vigilant and use caution when saving or accessing files outside of their home directory. By default Parallels, the Windows virtualization tool, stores its Windows images outside of home directories so that they may be accessed by all users, thus leaving the data within the virtual machine unencrypted and vulnerable.
The potential for data loss is also a consideration. FileVault is constantly encrypting and decrypting files, and it rolls everything up into a disk image on logout. What happens if your computer crashes before you are able to log out, or if the power goes out? The possibility exists that the disk image becomes corrupt and cannot be opened. Regular backups are essential to prevent data loss, but it is safest if the machine is on a UPS or is a laptop (which can run on battery power), so that it is not susceptible to corruption caused by power loss.
It is ideal to start using FileVault on a newly-imaged machine in order to make sure that all information is encrypted. To start using FileVault:
FileVault clearly has some advantages in protecting data from thieves. While there are some potential downsides, they are manageable with a bit of caution. It is clearly geared toward the laptop user, and MSIS recommends that all laptop users use it together with the extra security settings outlined above.
Data theft isn't as great an issue for desktop machines, as they are stolen much less frequently, and the UPS recommendation makes it an expensive option. In most circumstances, FileVault on desktop machines is probably overkill.