File Vault and Firewall?

I have a new macbook pro. Should I turn on File Vault and Firewall?

The purpose of FileVault is to protect your files from being read by someone who has physical access to the computer. If you need or want that protection, you should enable it.
The application firewall blocks incoming network traffic, regardless of origin, on a per-application basis. Typically, it would be configured to allow only applications digitally signed by Apple to listen on the network. It does not block outgoing traffic, nor can it distinguish between different sources of incoming traffic. It is not, as some people seem to believe, a malware filter.
So for example, suppose you enable file sharing, and allow access by guests to certain folders. You want people on your local network to be able to access those files without having to enter a password. When configured as stated above, the firewall will allow that. Your router will prevent outsiders from accessing the files, whether the application firewall is on or not. But if your computer is portable and you connect it to an untrusted network such as a public hotspot, the firewall will still allow access to anyone, which is not what you want.
Now suppose you unknowingly install a trojan that steals your data and uploads it to a remote server. The firewall, no matter how it's configured, will not block that outgoing traffic. It does nothing to protect you from that threat.
Another scenario: Your web browser is compromised by a trojan. The trojan redirects all your web traffic to a bogus server. The firewall does nothing to protect you from this threat.
A final scenario: You're running a public web server. Your router forwards TCP connection requests on port 80 to your Mac, and the connections are accepted by the built-in web server, which is signed by Apple. The application firewall, still configured as above, allows this to happen. Now you download a different trojan, one that tries to hijack port 80 and replace the built-in web server. The good news here is that the firewall does protect you; it blocks incoming connections to the trojan and alerts you. The bad news is that you've been rooted. The attacker who can do all this can just as easily disable the firewall, in which case it doesn't protect you after all.
It might make a bit of sense to use the firewall if you're running trusted services on an unprivileged port; that is, a port numbered higher than 1023. Those ports can be bound by a process with no special privileges.
Here is a more realistic scenario in which you should enable the firewall. Your portable Mac has several sharing services enabled. You want those services to be available to others on a home or office network. When you're on those networks, the firewall should be off. When you move to an untrusted network, you can either turn off all the services, or enable the firewall to block them. Blocking is easier: one configuration change instead of several.

Similar Messages

  • Recovery Partition mandatory for File Vault and unencrypted TM Backup?

    I recently had to setup my Macbook Pro from scratch meaning erasing the whole disk and start from there.
    The update to Lion took already place a while ago and I had File Vault active. After making a last backup using
    TM I erased the disk and all partitions including Recovery partition and used the Leopard system DVD to boot
    the machine.
    From there I used the restore function to restore my TM backup to the MacBook. However, as the drive was
    not partioned and not formated, I had to do this manually. Apparently, the recovery process via TM does not include
    that. After system recovery, I booted from the Macbook and all apps and configuration seemed ok.
    I was a little surprised to see that I was able to do this recovery without being asked for ID and password of the user's File Vault access
    or the File Vault recovery key. All I needed was the TM ID and password (which is different from the owners ID and password)
    I am not sure if this is supposed to work like this but I looks rather easy to gain access to application an data of another user if that
    is all it takes?
    Now booting Lion again, I checked File Vault and noticed it was disabled although it was enabled for quite a while and long time
    before I took the latest backup. I could not turn it on, after providing a recovery key and asking me wether I wanted to write it down
    or safe it with Apple which I declined I wanted to reboot the notebook to start encryption but stopped saying my partition or volume
    would not support File Vault. This was GUID and MacOS Extended Journal partition and volume which to my knowledge would
    certainly support File Vault. In fact this is basically what I had before when File Vault was turned on and running.
    I called Apple support a few times. The second agent told me that it does not work because there is not recovery partition on my
    system but there was when I took the latest backup and I do have other means to get the recovery screen. Anyway it seems that
    File Vault required a local Recovery partition and I was wondering if anyone can tell me why this dependency exist. If I write down the
    recovery key, why would I need it to be stored on my disk as well?
    Also, if anyone has an idea if there is a way of creating a local recovery partition without having to go through the lenghty process of installing
    Leopard then upgrade to Lion and install all the apps and configure the OS again, would be great? I assume when I am back on Lion and use the TM
    backup for recovery, I probably end up with having the Recovery partition deleted and start from scratch again.
    I am a little concerned about the fact that it seems so easy to gain access to a protected backup and that the TM restore process does not include
    restoring partition and volumes as well. Who knows how many other dependencies exist and users have to reinstall their system again after recovery.
    I was following the recovery instruction of Apple but perhaps someone knows a better way to do this?

    Just an update, I went ahead and installed Lion again over the existing TM restored installation using the Lion Update file and at least File Vault is working. Interestingly, I still do not have a Recover partition so obviously something new for Apple Support to learn.

  • What are the differences between file vault and legacy file vault?

    what are the differences between file vault and legacy file vault?

    Legacy is an encrypted disk image of your Home folder, FileVault2 is whole disk encryption

  • File vault and wanted to upgrade to Lion

    I have a client who was using file vault and wanted to upgrade to Lion. I did a Time Machine backup and upgraded to Lion. Ater that I noted that time machine does not backup file vault files. Please help.

    Are you trying to sign into the App Store and can't?

  • File vault and wake from sleep

    I had File Vault on ever since I got my Macbook Pro. It has always been slow to sleep and to wake from sleep -- sometimes taking 30 seconds. Then I turned File Vault and encryption of virtual memory off. Now the Macbook Pro wakes from sleep instantly. Can anyone explain what accounts for the difference?

    Hi, Daniel.
    You MacBook Pro employs Safe Sleep. An educated guess would be that using one or both of FileVault or Encrypted VM might incur an additional delay for encryption of the sleepimage file.
    Since it is easy to enable or disable Encrypted VM, try turning that back on and seeing if the delay returns. If so, that was the cause. If not, then it would FileVault.
    Good luck!
    Dr. Smoke
    Author: Troubleshooting Mac® OS X

  • What is file vault and should i turn it on??

    What is file vault and shuld i use it?

    It basically is a system that encrypts your hard drive, making it more secure. It basically makes it so if your laptop is stolen and the thief wants to access files, they won't be able to just take out the HD and put it in another computer.
    It really is not necessary unless you are working with files that are very confidential.

  • Lion OSX File Vault and filesharing with unencrypted users/computers

    How does File Vault 2 work in the following Use-Case? 
    User A, has full disk encryption through File Vault enabled on a MacBook Air. 
    User A has an Microsoft Excel file that has been stored in his/her Documents Folder on their encrypted drive. 
    User A wants to share this file with User B so that User B can finish entering data and adding some calculations. 
    User B is a Windows 7 PC with no disk encryption. 
    User A drops this file on a WIndows file server that both User A and User B has access to. 
    This file server is not an encrypted system. 
    Will the act of User A dropping the file on the file server automatically unencrypt the file so the User B can open the Excel file and work with it?

    The files don't get passed as an encrypted object. They get passed as files. The encryption/decryption works at a level that is transparent to just about everything, includingthe file system.
    So, no, the file is not encrypted when you drop it onto a file server.

  • Time Machine, File Vault and External Hard Drive

    I use file vault on my well travelled MBP.  When I get home I connect to my EHD for a regular backup using Time Machine.  I am the only user on the MBP.  My questions are:
    Since the MBP is encrypted is the backup encryted on the EHD?
    Should I ever need to restore from Time Machine using the EHD would I therefore need the password to access the backup?
    If the EHD is NOT encrypted, how do I accomplish this and have File Vault work as seemlessly on the EHD as it does on the MBP
    MacOS X 10.7.5
    Thanks

    1. Only if the external HD is encrypted, which can be done by formatting it as an encrypted volume with Disk Utility before setting it up with Time Machine, or by checking the option to encrypt the drive in the Time Machine system preferences.
    2. No. The password for unlocking the drive is kept on the drive, so if you need to restore from backup all you should need is to supply the password when using the OS X Tools.
    3. See #1.

  • Aperture, File Vault, and Time Machine used together?

    I am interested to know if I could setup a system to run like this:
    1. Create a user account with File Vault turned on
    2. Use Aperture inside the File Vault protected profile, thus the Aperture Library is encrypted
    3. Plug in an external drive and use Time Machine as normal.
    I have heard that in order to use Time Machine and Aperture that one must tell Time Machine to NOT backup the Aperture library. However, if File Vault is used doesn't Time Machine only backup the encrypted volume upon logout?
    Can anyone foresee this causing problems? Thanks!

    Time Machine and File Vault aren't a particularly good combination.
    See #25 in [Time Machine - Frequently Asked Questions|http://web.me.com/pondini/Time_Machine/FAQ.html] (or use the link in *User Tips* at the top of this forum), for details and some possible alternatives.

  • File Vault and Shutdown

    I am required to use file vault to encrypt my home directory at work. Often, during shut down, I get a message that says "...recovering disk space..." and I have to wait for several minutes before the system will shut down. This is usually not a problem, but I noticed that it becomes a problem if I do anything with my external hard drive.
    If I work with files on my external hard drive, and then I eject the drive and shut down, the system shut down gets hung up trying to recover disk space, and never shuts down (even after > 8 hours). However, if I leave the external hard drive plugged in during shut down, everything seems to be OK. Then I can disconnect the drive after shut down and carry on with my life.
    It would be great if an apple engineer would read this, and figure out why the system is getting hung up during shut down when the hard drive has been ejected. Maybe before ejecting, the there should be a "recovering disk space on the external hard drive" routine.
    If anyone out there has any other thoughts, they are appreciated.

    These are user to user forums. Apple engineers don't normally reply here.
    If you want to report this issue to Apple's engineering, send a bug report or an enhancement request via its Bug Reporter system. To do this, join the Mac Developer Program—it's free and available for all Mac users and gets you a look at some development software. Since you already have an Apple username/ID, use that. Once a member, go to Apple BugReporter and file your bug report or enhancement request. The nice thing with this procedure is that you get a response and a follow-up number; thus, starting a dialog with engineering.

  • File Vault and Time Machine

    Hi, I am new mac users, and I need to know how to secure my time machine drive so if you plug in to other mac should ask for password, by googling some info, I found some trick to set our mac with file vault, so all user data will be encrypted.
    but after my imac sets file vault, time machine only works for shared folders, and not realtime backup my main data and system, it inly backup when I log out or shut down my mac.
    so I assume my backup data from my time machine will not work for restoring file as normal time machine backup
    any solution for this? thanks

    Time Machine and File Vault aren't a particularly good combination.
    See #25 in [Time Machine - Frequently Asked Questions|http://web.me.com/pondini/Time_Machine/FAQ.html] (or use the link in *User Tips* at the top of this forum), for details and some possible alternatives.

  • Did something with File Vault and now i can't log in

    I feel stupid, sure, but hey I was just trying to get people away from my files. So what do i do now? I AM FRUSTRATED....cause i have the right password, but it just gives me a "can't log in right now" message... HELP!

    Triple-click the line below to select it:
    /System/Library/CoreServices/Directory Utility.app
    Rght-click or control-click the highlighted text and select
    Services ▹ Open
    from the contextual menu.* The application Directory Utility will open.
    In the Directory Utility window, click the lock icon and authenticate. Select the Directory Editor tool in the toolbar. Select Users from the Viewing menu in the toolbar, if not already selected. Select the affected user account in the list. On the right is a list of properties and values. Select the property "HomeDirectory" and delete it by clicking the minus-sign icon directly below the property list. There are two such icons in the window. You want the one on the right, not the one on the left.
    CAUTION: Do not click the minus-sign icon on the left, below the user list.
    Then click the Save button in the lower right corner of the window. Quit Directory Utility.
    CAUTION: There is no "undo" in Directory Utility. If you make a mistake and delete something in the Directory Editor that should not have been deleted, restore your whole system from a backup and start over. I have no other help to offer in that case.
    Try again to log in as the affected user. If you can log in, you should find a file in the home folder with the name of the user and the filename extension "sparseimage" or "sparsebundle". Double-click that file. A disk image should open. Copy your files from that disk image to restore them.
    I strongly suggest that you deactivate legacy FileVault in the Security & Privacy preference pane, then log out and log back in. Consider activating FileVault 2 if you want that kind of security.
    *If you don't see the contextual menu item, copy the selected text to the Clipboard (command-C). Open a TextEdit window and paste into it (command-V). Select the line you just pasted and continue as above.

  • On my mac should i turn on the firewall; and file vault or just leave them off?

    On my mac should I turn on the firewall; and file vault or just leave them off?

    Yes, you should turn on your Firewall, and in the advanced options, select 'stealth mode'.
    Unless you want to encrypt your hard drive, you don't need File Vault and can leave it off.

  • Time Machine and File Vault problems

    Hi,
    Since I converted to Mac more than a year ago, I turned my file vault on (although I learned in the meantime that it is not actually necessary....)
    I now recently bought the time Capsule and found out that the Time Machine doesn't go well with the File Vault turned on. It does back up the home folder only when logged out and I don't get the hourly backups for single files either.
    I then tried to turn File Vault off, but get the error message that I haven't got enough space on my hard disk (which I have). This message led me to this article here: http://support.apple.com/kb/TS1974
    I am really not an expert and not too confident to play around with accounts, backups and so on, so I really don't want to go down the described route.
    For me, it looks like a bug in OS X, I should be able to turn File Vault off with the click of a button. Also, why is the File Vault / Time Machine conflict nowhere mentioned ? I was playing round with TM to recover a single file, but this wasn't possible, that's why I went to explore the issue further...
    I now just want to turn off File Vault and finally want to use my TC normally.
    Who can help ?
    Message was edited by: Mike201071

    ....so, it seems to work now.
    I did eventually go through the routine of backing up my home folder manually on the TC, then I created a new account, copied everything back, deleted the old account, and so on, as described in the link above.
    I did not turn on the File Vault, activated TM and backed the whole lot up via Ethernet, switched back to wireless and TM seems to do the trick now.
    I have now access to single folders and files when I go back in time in TM, instead of the whole backup only.
    This seems to be the only way TM & TC are working properly, why is this conflict between File Vault and TM nowhere mentioned ?

  • Problems with snow leopard and file vault

    I just installed snow leopard on my macbook. When I try to log on, I get a message "your home folder is protected by file vault and didn't open, it needs to be repaired. To repair folder and continue logging in click ok."   When I click ok, I get the message "You are unable to log in to the user account at this time. Logging in to the account failed because an error occurred."
    How do you turn off the file vault if you can't log in? Any solutions are greatly appreciated.

    Boot to safe mode by holding the Shift key on boot.
    Then you can turn filevault off and reboot normally.

Maybe you are looking for

  • Error while posting Incoming payments from customers

    Hi Experts,                   when i am trying to post Incoming payments from customers in F-28,The payment difference amount is Rs 5. while simulating the following error  "TAX CODE C2 FOR COUNTRY IN HAS BEEN DELETED OR INCORRECTLY CHANGED" MESSAGE

  • How to convince Externals IronPort is safe to send confidental emails?

    Please can some one in Cisco help me I need to put together a nice docuement peferable with nice graphics if available to explain that Cisco IronPort is a secure means of sending email data and that Iron port uses industry standard high levels of enc

  • Sound for Sending Mail

    I've checked all through the forum and can't find an answer, so I hope this is not a repeat... Is there a way to have a different sound (that I choose) play for sending mail versus receiving mail? I can change the incoming sound in preferences and I'

  • Photoshop Elements 12 locking up

    I am using a Mac with System 10.9.1 and my PSE12 keeps locking up while I am working on a project. The only way to solve at this point is to force shut down and hope I saved very recently. This is frustrating as you can imagine.

  • Shell out from Air/Apollo

    I am running an Air application with the Flex 3 IDE. How can I exec or shell out to execute an external stand alone from within an Actionscript class. I need to play an .mov or .wmv (Apple or Microsoft video). I want the user to be able to choose the