The Security Corner
FileVault 2
Users not enabled for FileVault unlock will only be able
to log in to that Mac after an unlock-enabled user has
started or unlocked the drive. Once unlocked, the drive
remains unlocked and available to all users, until the
computer is shut down.
BitLocker Drive Encryption (BitLocker for short) helps
prevent a thief who boots another operating system or
runs a software hacking tool from breaking Windows 7
file and system protections or performing offline viewing
of the files stored on the protected drive.
BitLocker To Go gives administrators control over how
removable storage devices can be utilized within their
environment and the strength of protection that they
require. Administrators can require data protection for any
removable storage device that users want to write data
upon; while still allowing unprotected storage devices to
be utilized in a read-only mode. Policies are also available
to require appropriate passwords, smart card, or domain
user credentials to utilize a protected removable storage
Forty two percent of respondents in the Computer
Security Institute’s 2008 Computer Crime and Security
Survey reported having a laptop or mobile device stolen
in the previous year. The critical consequences of losing
sensitive corporate data include decreased brand
reputation, lawsuits, regulatory penalties, and possible
criminal prosecution. Now is the time to encrypt your
mobile data, whether stored on laptops or removable
drives, for the risks of unencrypted data are too great to
be ignored. “
(1) Computer Associates, “CA 2008 Security and Privacy
Survey”, July 16, 2008
(2) Ponemon Institute, “Airport Insecurity: The Case of
Lost & Missing Laptops”, July 29, 2008
(3) Gartner, “Forecast: USB Flash Drives, Worldwide,
2001-2011”, September 24, 2007
(4) The Register, “MoD: We lost 87 classified USB sticks
since 2003”, July 18, 2008
FileVault2 for OSX
based MAC devices:
The following is from:
FileVault 2 uses full disk, XTS-AES 128 encryption to help
keep your data secure. With FileVault 2 you can encrypt
the contents of your entire drive.FileVault 2 requires OS X
Lion or Mountain Lion and Recovery HD installed on your
startup drive, which the OS X Lion installer will attempt to
create at installation. Recovery HD is normally present
after installation. In rare situations, you may receive an
alert that no Recovery HD could be created but continued
to install OS X Lion (in this unlikely scenario, you will be
unable to use FileVault 2).
FileVault 2 is managed via the Security & Privacy
preference in System Preferences. Click the FileVault tab
in the Security & Privacy preferences and you can enable
or disable FileVault.
If you migrated a home directory that was encrypted by
an earlier version of FileVault, you will not be able to turn
on FileVault 2.
Upon selecting “Turn On FileVault”, if your Mac has
multiple user accounts, you will be asked to identify
the user accounts that will be allowed to unlock the
encrypted drive (to start the computer or recover from
sleep or hibernation).
You will need to enter the password, or have users enter
their passwords, for each account you wish to allow to
unlock FileVault 2. After enabling users for disk unlock,
you will be shown your recovery key.
1,2,3,4,5,6,7 9,10,11,12,13,14