CAUTIONS
- Be sure to back up your data before encrypting any of it during the pilot. We expect to encounter some problems where a misplaced certificate or lost password results in the data being lost forever. The goal of the pilot is to evaluate the products and processes, not protect or destroy your data.
- Be sure to use a Master Password in case you forget the user password. FileVault uses a decryption key stored in the user's keychain, which becomes inaccessible if the password is forcibly reset. The only way to recover the encrypted data after the user's password is reset is to have already established a Master Password for the system and to remember it.
- Allow plenty of time the first time. Encrypting large pieces of data will take time. As it depends on your hardware and data size, we don't have any guidelines as of yet. By the end of the first phase, we hope to have general guidelines for how long the initial setup takes.
- Remember that FileVault does not protect data shared across the network, nor does it protect against network-based attacks. Be sure to use secure methods to transfer files, like SFTP.
- Disable Automatic login. Automatic login unlocks the files when the machine is booted, so even though the files are encrypted when the system is powered off, all a thief has to do to access them is power on the system.
- Require a password to wake this computer from sleep or screen saver. Most laptops are rarely powered off completely, but live in a suspended state. You also want to protect your data if you walk away from the machine for a period of time, so enable a screen saver and require a password to access the machine upon returning.
- Enabling FileVault can take HOURS and your system will be unusable during that time. If you have a lot of data in your Home folder, which includes Movies, Pictures, Libraries, Music, etc., enabling FileVault can take a long time, even on a fast machine. One test with 26GB took 4.5 hours.
Steps to enable FileVault
- Go to System Preferences.
- Click on Security - it has a picture of a house with a padlock knob on it.
- Set a Master Password by clicking on the button to do so. If you already have one set, make sure you know what it is.
- To turn on FileVault, click on the button labelled Turn On FileVault...
- Click through the following dialogs only if you can have your machine unusable for the estimated time and then some.
- Go do something else for a while.
- After some time, you should see the normal login screen. You can tell that the Home Folder is protected by FileVault because now it shares the padlocked house logo with the Security System Preference.
To set a Master Password:
- Open the Security System Preference.
- Click on the button to Set Master Password.
- Follow the dialogs and set a password.
- I recommend writing this down and storing it somewhere away from your computer in a safe location. You will need this password to unlock any encrypted data for users that forget their password. You should be careful to protect this password, as it also serves as a key to unlock any FileVault encrypted data and can be used to administer the machine.
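
The cautions above (Master Password set, Automatic login off, password required on wake) can be checked from Terminal before turning FileVault on. The script below is an added example, not part of the original page; the function names are hypothetical, and the keychain path and preference keys are assumptions about where legacy Mac OS X stores these settings.

```shell
#!/bin/bash
# Added example: checks the cautions above before enabling legacy FileVault.
# Assumed locations (legacy Mac OS X); override the variables if yours differ.
MASTER_KEYCHAIN="${MASTER_KEYCHAIN:-/Library/Keychains/FileVaultMaster.keychain}"
LOGINWINDOW_PREFS="${LOGINWINDOW_PREFS:-/Library/Preferences/com.apple.loginwindow}"

# A Master Password has been set when the master keychain file exists.
check_master_password() {
    [ -f "$MASTER_KEYCHAIN" ]
}

# Automatic login is off when loginwindow has no autoLoginUser key.
check_autologin_disabled() {
    ! defaults read "$LOGINWINDOW_PREFS" autoLoginUser >/dev/null 2>&1
}

# Password on wake/screen saver is on when askForPassword is 1, either in the
# per-host preferences or in the user's own domain.
check_wake_password() {
    [ "$(defaults -currentHost read com.apple.screensaver askForPassword 2>/dev/null)" = "1" ] ||
    [ "$(defaults read com.apple.screensaver askForPassword 2>/dev/null)" = "1" ]
}

# Size of the home folder in whole GB (rounded up), to judge encryption time.
home_size_gb() {
    du -sk "${1:-$HOME}" 2>/dev/null | awk '{printf "%d", ($1 + 1048575) / 1048576}'
}

# Run every check; the return value is the number of failed checks.
filevault_preflight() {
    fv_failures=0
    check_master_password || { echo "FAIL: no Master Password set"; fv_failures=$((fv_failures + 1)); }
    check_autologin_disabled || { echo "FAIL: Automatic login is enabled"; fv_failures=$((fv_failures + 1)); }
    check_wake_password || { echo "FAIL: no password required on wake"; fv_failures=$((fv_failures + 1)); }
    echo "Home folder: $(home_size_gb "$1") GB to back up and encrypt"
    return "$fv_failures"
}

# Only run automatically on a Mac; elsewhere the functions are just defined.
if [ "$(uname -s)" = "Darwin" ]; then
    filevault_preflight "$HOME" || exit 1
fi
```

A non-zero exit status is the number of cautions not yet satisfied; fix those in System Preferences before clicking Turn On FileVault.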