Home » Encryption » Encryption Guides » How To Encrypt Macintosh Or Mac Systems.

How To Encrypt Macintosh Or Mac Systems.

Disclosure: All of our articles are unbased, well researched, and based on a true picture of the story. However we do sometimes get commissions from affiliate sites. Our readers get the best discount from buying from our links. Here is our complete affiliate disclosure.

Apple products, like the rest, are not protected from the target of hackers. Apple is not bulletproof when it comes to vulnerabilities. Extensive Mac Encryption guide.

Earlier this year reported by Palo Alto at CNBC, major ransomware, named “KeRanger,” hit mac users demanding 1 bitcoin (equivalent $400) and was able to bypass Apple’s security check as it was signed with a valid Mac app development system, installed through compromised BitTorrent client “Transmission.” Although, Apple is fast in its security update and patches but hacks like these work silently and attacks without even noticing unless it is too late for the users.

Some of the common risks arise because of unattended mac, weak passwords, outdated security updates, poor information security practices. Hackers look for weak target and attack individuals and business who has the weak security system on their Mac.  Using smart encryption programs and security checks can re-mediate against these attacks. Few best practices are discussed below to make your Mac secure against hacker attacks:

Avoid Using The Administrator Account

Using an administrator account gives you root access to drive to perform crucial system management tasks. It makes it easier for the hackers to log-in to your root system to manipulate your data. Make a non-administrator account for daily tasks, use your administrator account only when you need to perform system changes.

How to create a non-admin account on Mac OS X: https://support.apple.com/kb/PH18891?locale=en_US

Update Apple Software

Apple updates its software regularly, it keeps on patching current and potential vulnerabilities and enhancing software usability on every update. It keeps your system healthy and secure, make sure to frequently update your Mac OSX. To do this follow these steps:

  1. Click on “Apple” menu.
  2. Select “System Preferences” to access its menu.
  3. Select “Software Update” tab.
  4. Checkmark “Check for update” option.
  5. Select frequency to Daily (recommended).

For the manual system update: visit Apple’s support page to check for updates of your Mac OSX version. After downloading your desired update. Check SHA-1 of that file and the checksum SHA-1 written on the support page. To verify SHA-1 follow these steps:

  1. Open Terminal application.
  2. Type in /usr/bin/openssl sha1 filename.dmg
  3. You’ll see output like this:
  4. SHA1(filename.dmg)= f31bc2bbcde84fdfaed5cced8e3f57f609dcdbd2

This SHA-1 checksum should match with the checksum provide by the apple support page. If not then there might be a problem, contact Apple for the issue.

Strongly Encrypted Login Password

It is an encrypted password of your Mac OS X user account. Every program asks for a login password before installing any software application. If you do not set up a login password it would be easier for hackers to manipulate your user account. Make sure to select a strong characters password to ensure your mac encryption. Follow these steps to change or set up login password:

  1. Click on “Apple” menu.
  2. Select “System Preferences” to access its menu.
  3. Select “User & Groups” to access its menu.
  4. Select your username from the list of users.
  5. Click the “Change Password” button, then follow the on-screen instructions.

How to set up login password on Mac: https://support.apple.com/en-us/HT202860

Setup Firmware Password

An encrypted firmware password on your mac prevents from starting up from any unauthorized device other than your start-up disk, for mac encryption. To setup firmware password perform these steps:

  1. Shut down your Mac system.
  2. Start it again and hold “Command + R key” after you hear the start-up sound to access OS X recovery.
  3. When the Recovery window appears, select “Firmware Password Utility” from the utility menu.
  4. In the Firmware Utility window, click on “Turn On Firmware Password.”
  5. Enter your new password twice.
  6. Select “Set Password.”
  7. Click on “Quit Firmware Utility” to close it.
  8. Click on “Apple” menu and select restart, upon restart, your firmware password will be active.

Warning! Don’t forget to save or write your password somewhere safe. If you forget the password, then you’ll have to take your Mac system to the Apple retail store for hard reset.

How to setup firmware password on Mac: https://support.apple.com/en-us/HT204455

How To Encrypt Files On Mac

People ask for how to encrypt files on mac? for that, you can use “FileVault” to Mac file encryption so that unauthorized users can’t access your stored data.

FileVault 2 full-disk encryption, uses an XTS-AES 128-bit mac file encryption (Note: available on OS X Lion or later). To turn on this feature:

  1. Choose “Apple’ menu.
  2. Select “System Preferences” to access its menu.
  3. Select “Security & Privacy”.
  4. Click the FileVault tab to access its menu.
  5. Click on the Lock Button below the windows and enter the administrator’s username and password if it asks.
  6. Click on “Turn On” FileVault.

When FileVault is active, your Mac will always ask for an OS X account password to login to the encrypt Mac files.

How to encrypt files on Mac: https://support.apple.com/en-us/HT204837

Disable Automatic Login And Guest Account

When your Mac user account is set up to automatic login, you Mac automatically log-in to that account without asking to enter the login password. It would make your Mac vulnerable to hacking attempts.   

To disable automatic login, go to:

  1. Click on “Apple” menu
  2. Select “System Preferences” to access its menu.
  3. Select “User & Groups” tab.
  4. Click on Lock button icon, it might ask your administrator password.
  5. Click on “Login Options”
  6. Select “Off” from “Automatic Login” pop-up window.
  7. Select “Name and Password” from “Display login window as” pop-up window.

On this window, you’ll see “Guest User” tab for guest accounts. If it is active, then go to its menu and uncheck “Allow guests to connect to shared folders” and “Allow guests to log-in to this computer.”

How to disable Automatic login on Mac: https://support.apple.com/en-us/HT201476

Secure Home Folder Permissions

Mac OS X has the option to set permissions for file access to ensure mac encryption. Permissions can restrict guests and other users to access your startup disk home folder. You should set strict permissions to prevent modifications to your home folder, to do this follow these steps:

  1. Open the Terminal application
  2. Type in sudo chmod go-rx /Users/username

How to change home folder permission on mac: http://www.macinstruct.com/node/415

Use VPN For Mac Encryption

Today, it is a common practice of hackers to gain access to your network through your original IP and trace it back to its provenance. A VPN can hide your original location with make-over IP to provide privacy and anonymity online if you don’t know much about networks. Use the best VPN for Mac available to ensure mac encryption.

Disable IPv6 And Airport

IPv6 is a new internet protocol to provide easy connectivity. But it also makes an easy targets for hackers to infiltrate. It is recommended to disable AirPort and IPv6 when not in use. To configure changes in IPv6 and AirPort, follow these steps:

  1. Click on “Apple” menu.
  2. Click on “System Preferences” to access its menu.
  3. Click on “Network Pane” tab.
  4. You will have to make changes on each network interface available depending on your device connectivity.
  5. Select a network interface.
  6. Select “AirPort Off,” or “Disconnect when logging out” option, when it is in use frequently.
  7. Select “Advance”. Head over to “TCP/IP” tab, under “Configure IPv6” option set it to OFF, if not necessary.

How to configure IPv6 on Mac: https://support.apple.com/en-us/HT202237

Two-Walls Firewall Security

Mac system security has two firewalls: Application Firewall and IPFW Packet-Filtering Firewall.

Application Firewall

Application firewall set limits to receive incoming connection of programs from other computers on the network. To configure the application firewall follow these steps:

For Mac OS X v10.5.1 or later

  1. Click “Apple” menu
  2. Choose “System Preferences” to access its menu.
  3. Click on ‘Security” tab.
  4. Choose “Firewall” from the menu
  5. Choose modes according to your needs.

For Mac OS X v10.6 and later

  1. Click “Apple” menu
  2. Choose “System Preferences” to access its menu.
  3. Click on ‘Security” or “Security & Privacy.”
  4. Choose “Firewall” from the menu.
  5. Click on the lock button icon and enter administrator login credentials.
  6. Click “Turn On Firewall” or “Start” to activate the firewall for mac encryption.
  7. Click on Advance to customize the firewall according to your needs.

For advance settings of Firewall: https://support.apple.com/en-us/HT201642

IPFW Packet-Filtering Firewall

Setting up the IPFW Firewall requires more expertise and modification in the files. Visit the blog page of University of North Carolina for the “how to” configuration guide.

Change Safari Preferences

Safari, default web-browser of Mac, open a few files automatically. This could lead to potential attacks. Disable a few options for better Safari web-browser experience:

  1. Disable “Open safe files after downloading” from the General tab.
  2. Disable Java, if not necessary. Go to the “Security tab” and untick “Enable Java.”
  3. Use private browsing when surfing the internet to prevent cookies and history.

Photo of author
Waqas is a cybersecurity journalist and writer who has a knack for writing technology and online privacy-focused articles. He strives to help achieve a secure online environment and is skilled in writing topics related to cybersecurity, AI, DevOps, Cloud security, and a lot more. As seen in: Computer.org, Nordic APIs, Infosecinstitute.com, Tripwire.com, and VentureBeat.

Leave a Comment