How To Encrypt Macintosh Or Mac Systems

Last updated: March 27, 2024 Reading time: 7 minutes
Disclosure
Share
Encrypt Macintosh Or Mac Systems
KEY TAKEAWAYS

Apple products, like the rest, are not protected from the target of hackers. Apple is not bulletproof when it comes to vulnerabilities. Extensive Mac Encryption guide.

Earlier this year, reported by Palo Alto at CNBC, major ransomware, named “KeRanger,” hit Mac users demanding 1 bitcoin (equivalent $400) and was able to bypass Apple’s security check as it was signed with a valid Mac app development system, installed through compromised BitTorrent client “Transmission.” Although Apple is fast in its security update and patches, hacks like these work silently and attack without notice unless it is too late for the users.

Some common risks arise from unattended Mac, weak passwords, outdated security updates, and poor information security practices. Hackers look for weak targets and attack individuals and businesses with weak Mac security systems.  Using innovative encryption programs and security checks can remediate these attacks. A few best practices are discussed below to make your Mac secure against hacker attacks:

Avoid Using The Administrator Account

An administrator account gives you root access to drive to perform crucial system management tasks. It makes it easier for hackers to log in to your root system to manipulate your data. Make a non-administrator account for daily tasks, and use your administrator account only when you need to perform system changes.

How to create a non-admin account on MacOS X: https://support.apple.com/kb/PH18891?locale=en_US

Update Apple Software

Apple updates its software regularly, patching current and potential vulnerabilities and enhancing software usability with every update. It keeps your system healthy and secure; update your Mac OSX frequently. To do this, follow these steps:

  1. Click on the “Apple” menu.
  2. Select “System Preferences” to access its menu.
  3. Select the “Software Update” tab.
  4. Checkmark the “Check for update” option.
  5. Select the frequency to Daily (recommended).

For the manual system update: visit Apple’s support page to check for updates to your Mac OSX version. After downloading your desired update. Check the SHA-1 of that file and the checksum SHA-1 written on the support page. To verify SHA-1, follow these steps:

  1. Open Terminal application.
  2. Type in /usr/bin/openssl sha1 filename.dmg
  3. You’ll see output like this:
  4. SHA1(filename.dmg)= f31bc2bbcde84fdfaed5cced8e3f57f609dcdbd2

This SHA-1 checksum should match the checksum provided by the Apple support page. If not, there might be a problem; contact Apple.

Strongly Encrypted Login Password

It is an encrypted password of your Mac OS X user account. Every program asks for a login password before installing any software application. If you do not set up a login password, it would be easier for hackers to manipulate your user account. Make sure to select a strong characters password to ensure your Mac encryption. Follow these steps to change or set up a login password:

  1. Click on the “Apple” menu.
  2. Select “System Preferences” to access its menu.
  3. Select “User & Groups” to access its menu.
  4. Select your username from the list of users.
  5. Click the “Change Password” button, then follow the on-screen instructions.

How to set up login password on Mac: https://support.apple.com/en-us/HT202860

Setup Firmware Password

An encrypted firmware password on your Mac prevents you from starting up from any unauthorized device other than your start-up disk for Mac encryption. To set up a firmware password, perform these steps:

  1. Shut down your Mac system.
  2. Start again and hold the “Command + R key” after you hear the start-up sound to access OS X recovery.
  3. When the Recovery window appears, select “Firmware Password Utility” from the utility menu.
  4. In the Firmware Utility window, click on “Turn On Firmware Password.”
  5. Enter your new password twice.
  6. Select “Set Password.”
  7. Click on “Quit Firmware Utility” to close it.
  8. Click on the “Apple” menu and select restart; your firmware password will be active upon restart.

Warning! Don’t forget to save or write your password somewhere safe. If you forget the password, then you’ll have to take your Mac system to the Apple retail store for a hard reset.

How to setup firmware password on Mac: https://support.apple.com/en-us/HT204455

How To Encrypt Files On Mac

People ask how to encrypt files on Mac? for that; you can use “FileVault” for Mac file encryption so that unauthorized users can’t access your stored data.

FileVault 2 full-disk encryption uses an XTS-AES 128-bit Mac file encryption (Note: available on OS X Lion or later). To turn on this feature:

  1. Choose the “Apple’ menu.
  2. Select “System Preferences” to access its menu.
  3. Select “Security & Privacy”.
  4. Click the FileVault tab to access its menu.
  5. Click on the Lock Button below the windows and enter the administrator’s username and password if it asks.
  6. Click on “Turn On” FileVault.

When FileVault is active, your Mac will always ask for an OS X account password to log in to the encrypted Mac files.

How to encrypt files on Mac: https://support.apple.com/en-us/HT204837

Disable Automatic Login And Guest Account

When your Mac user account is set up to automatic login, your Mac automatically log-in to that account without asking to enter the login password. It would make your Mac vulnerable to hacking attempts.   

To disable automatic login, go to:

  1. Click on the “Apple” menu
  2. Select “System Preferences” to access its menu.
  3. Select the “User & Groups” tab.
  4. Click on the Lock button icon; it might ask for your administrator password.
  5. Click on “Login Options”
  6. Select “Off” from the “Automatic Login” pop-up window.
  7. Select “Name and Password” from the “Display login window as” pop-up window.

You’ll see the “Guest User” tab for guest accounts in this window. If it is active, go to its menu and uncheck “Allow guests to connect to shared folders” and “Allow guests to log in to this computer.”

How to disable Automatic login on Mac: https://support.apple.com/en-us/HT201476

Secure Home Folder Permissions

Mac OS X can set permissions for file access to ensure Mac encryption. Permissions can restrict guests and other users from accessing your startup disk home folder. You should set strict permissions to prevent modifications to your home folder. To do this, follow these steps:

  1. Open the Terminal application
  2. Type in sudo chmod go-rx /Users/username

How to change home folder permission on Mac: http://www.macinstruct.com/node/415

Use VPN For Mac Encryption

Today, it is a common practice for hackers to gain access to your network through your original IP and trace it back to its provenance. A VPN can hide your original location with a make-over IP to provide privacy and anonymity online if you don’t know much about networks. Use the best VPN for Mac available to ensure Mac encryption.

Disable IPv6 And Airport

IPv6 is a new internet protocol to provide easy connectivity. But it also makes it an easy target for hackers to infiltrate. It is recommended to disable AirPort and IPv6 when not in use. To configure changes in IPv6 and AirPort, follow these steps:

  1. Click on the “Apple” menu.
  2. Click on “System Preferences” to access its menu.
  3. Click on the “Network Pane” tab.
  4. Depending on your device connectivity, you must make available changes to each network interface.
  5. Select a network interface.
  6. Select the “AirPort Off” or “Disconnect when logging out” option when it is in use frequently.
  7. Select “Advance.” Head over to the “TCP/IP” tab, under the “Configure IPv6” option, and set it to OFF if unnecessary.

How to configure IPv6 on Mac: https://support.apple.com/en-us/HT202237

Two-Walls Firewall Security

Mac system security has two firewalls: Application Firewall and IPFW Packet-Filtering Firewall.

Application Firewall

Application firewalls set limits to receive incoming connections of programs from other computers on the network. To configure the application firewall, follow these steps:

For Mac OS X v10.5.1 or later

  1. Click the “Apple” menu
  2. Choose “System Preferences” to access its menu.
  3. Click on the ‘Security” tab.
  4. Choose “Firewall” from the menu.
  5. Choose modes according to your needs.

For Mac OS X v10.6 and later

  1. Click the “Apple” menu
  2. Choose “System Preferences” to access its menu.
  3. Click on ‘Security” or “Security & Privacy.”
  4. Choose “Firewall” from the menu.
  5. Click on the lock button icon and enter administrator login credentials.
  6. Click “Turn On Firewall” or “Start” to activate the firewall for Mac encryption.
  7. Click on Advance to customize the firewall according to your needs.

For advanced settings of the Firewall: https://support.apple.com/en-us/HT201642

IPFW Packet-Filtering Firewall

Setting up the IPFW Firewall requires more expertise and modification of the files. Visit the University of North Carolina blog page for the “how to” configuration guide.

Change Safari Preferences

Safari, the default web browser of Mac, opens a few files automatically. This could lead to potential attacks. Disable a few options for a better Safari web browser experience:

  1. Disable “Open safe files after downloading” from the General tab.
  2. Disable Java if not necessary. Go to the “Security tab” and untick “Enable Java.”
  3. Use private browsing when surfing the internet to prevent cookies and history.

Share this article

About the Author

Waqas is a cybersecurity journalist and writer who has a knack for writing technology and online privacy-focused articles. He strives to help achieve a secure online environment and is skilled in writing topics related to cybersecurity, AI, DevOps, Cloud security, and a lot more. As seen in: Computer.org, Nordic APIs, Infosecinstitute.com, Tripwire.com, and VentureBeat.

More from Iam Waqas

Related Posts