Archive for the 'Security' Category

PGP Whole Disk Encryption for Mac OS X

August 26, 2008  (Jeffrey Kabbe)

PGP announced an upgrade to its encryption platform, which now includes whole disk encryption for Mac OS X. For anyone who works with confidential information, laptop security is an increasingly important issue. File Vault has been a decent solution, but not one that works well with backup applications like Time Machine. I haven’t had a chance to try it yet, but it sounds like PGP whole disk encryption should play much better with Time Machine.

A free trial of PGP Desktop is available. The FAQ indicates that any disks encrypted with whole disk encryption will decrypt at the end of the trial. But, as with anything that messes with your data, I recommend caution before running it on a primary work computer.

1Password To-Go

July 22, 2008  (Jeffrey Kabbe)

Agile Web Solutions has given us a sneak preview of 1Password for the iPhone (with lots of screen shots!). I have to admit that I am pretty nervous about taking all of my passwords with me. The cost-benefit analysis just seems to weigh against it (the benefit seems pretty low because I seldom need passwords on the run). But Agile seems to have thought pretty hard about the security aspect and has come up with some pretty interesting solutions. The good news is that 1Password for the iPhone will be free (at least for a limited time). Maybe I’ll decide I need it all the time once I have it! Look for it soon in the App Store.

Update: It’s arrived.

Apple Posts Leopard Security Guide

June 3, 2008  (Jeffrey Kabbe)

Our ethical obligations as lawyers makes computer security even more important than for regular computer users. Apple has stepped up with a very thorough Leopard security guide. The guide is not short, at 240 pages. It isn’t for the faint of heart, and reading it is like drinking from the security fire hose. The guide begins with background information about the Unix features that are the basis for OS X security. After that is a stream of recommendations and settings that can be used to improve security. The vast number of suggestions is difficult to absorb, but there are some nuggets to be found. For example, on page 145, the guide explains how to delete all Time Machine versions of a file. That could be important if you ever need to delete privileged or confidential information that you are no longer entitled to possess.

Obviously, the guide is aimed at more experienced Mac users. But, even novices might find the guide useful. Mac OS X is pretty secure right out of the box. But if you’re concerned about security, you might consider checking the guide before changing any of the default system settings to see if Apple has identified any potential security consequences.

Mozy: Offsite Secure Backup

March 10, 2008  (Jeffrey Kabbe)

Data integrity is pretty important to lawyers. We need to make sure our client’s data is available and protected. Failure to do so could even be an ethics violation. With that in mind, I have been looking for a backup solution for my wife’s estate planning practice. I may have found what I am looking for in Mozy.

Mozy is a company (which is part of the EMC family) offering secure online backups of your computer files. Mozy offers three levels of service: MozyHome, MozyPro, and MozyEnterprise. Currently, on MozyHome supports Mac OS X. You’ll need to be running Windows 2000, Windows Server 2000, or any newer versions of Windows to take advantage of MozyPro or MozyEnterprise. In this article, I will talk about MozyHome, but much of the information will apply equally well to MozyPro and MozyEnterprise (take a look at the Mozy product feature comparison chart). I signed up for a free 2GB MozyHome account. MozyHome accounts with unlimited storage are also available for $4.95 per month.

Getting Started

Using MozyHome requires installing the Mozy backup software. The Mozy software works similarly to Apple’s .Mac Backup application when choosing which files to backup. You can choose one or more backup sets to be included in the Mozy backup. A backup set can be an entire folder or a spotlight search that is run against a folder (or even your entire computer). The software also supports a simpler backup mode where you can choose a single directory or file to be backed up.

Security

Your files are transmitted securely to Mozy’s servers using 128-bit SSL encryption. This is the same kind of security you will find on many banking websites and other websites which ask for or display your personal or financial information. Once on Mozy’s servers, your data is protected with 448-bit Blowfish encryption. You can choose to either use Mozy’s encryption key (which the software lists as “recommended”) or use your own key. Using Mozy’s key might mean less strain on their servers, but it’s not going to mean better protection for you. If anything it will mean the opposite: if someone breaks into Mozy’s servers and gets the Mozy key, all of your data is vulnerable. If you’re using your own key, the attacker will have an extra hurdle to getting at your data.

Backing Up

Setting up was quick and very straightforward. Backing up? Not so much. A trip to the dictionary might help us understand.

mo·sey
intr.v. mo·seyed, mo·sey·ing, mo·seys Informal
1. To move in a leisurely, relaxed way; saunter.
alternate: mozy

Ok, that list part wasn’t in the dictionary – but it should be. Mozy was quite leisurely and it didn’t appear to be in any hurry to backup my files. The initial backup of 1.5GB involved many false starts (broken connections) and finally finished 3 days after it started. Upload speeds ranged from 1.6 to 114.5 KB/s. That first number might help explain why the initial backup took so long. Even that second number, though, could be troubling for people who have 10-20GB or more of data to backup. Backups seem to happen pretty infrequently also. Mozy seems to only perform a backup about once a day, and I can’t find a way to alter that frequency.

Restoring Data

Using the Mozy software you can view your backed up files and traverse the directories in the same manner as the Finder’s column view mode. Unfortunately, there is no preview ability, so you just have to know what you’re looking for. Prior to Leopard, this wouldn’t have been an issue because that’s the way it’s always worked. Quick Look changed expectations – it’s the new baseline for required features. You can choose which backup to restore a particular file from by choosing a date from the Backup Date menu. It’s not clear whether multiple versions of changed files are retained or whether it simply allows you to filter the list and find what you are looking for more quickly. In either case, it’s of limited usefulness without the ability to preview files.

Mozy also makes you choose where the restored file will appear (the default restore location is the Desktop). Having the flexibility to make it appear anywhere is nice. The restore location should default, though, to the folder the file came from.

Conclusion

Pros: Easy to setup; flexible backups using backup sets; solid encryption (if not quite top-of-the-line); free 2GB backup.

Cons: Only backs up files every day or two; no ability to preview files before restoring; slow backups.

Bottom Line: I’ll probably start using MozyHome to make offsite backups of critical client files. That is the kind of backup where you never plan to restore, unless your office is destroyed in a flood and all of your computer equipment is swept away. For everyday backups – the kind where you need to restore a file you accidentally deleted – Time Machine is a far superior solution. If you’re a lawyer or run any other kind of business that involves valuable or private data, you probably need both. Mozy provides a good second layer of backup behind Time Machine.

Mac, Interrupted

February 11, 2008  (Jeffrey Kabbe)

I apologize for the downtime and lack of posts the last few days. My ISP had some software issues over the weekend, but they appear to have been resolved now. I expect to get back to regular posting tomorrow.