Setup guide
UNCLASSIFIED
Chapter 4 – Configuring System Settings
Some users reported data loss under certain circumstances when using Mac OS X
version 10.3. The 10.3.1 update addresses these problems. The use of FileVault
is only recommended in version 10.3.1 or later of Mac OS X.
FileVault is not used to protect files transmitted over the network or saved to
removable media. Mac OS X provides methods for encrypting files in these
situations, described in Appendix A.
A master password must be set before FileVault can be activated for any
user accounts. This master password can decrypt any home folder on the
system, which would be necessary if a user forgets his password. The
password should be written down, sealed in an envelope, and stored in a
physically secure location, such as a safe. The master password should not
match the administrator’s password. However, it should at least meet the
selection and changing guidelines for an administrator password. The master
password should be long (greater than 12 characters, and up to 255 characters
long) and contain special characters, mixed case, and numbers.
Although there is no automatic facility for checking the strength of a FileVault
password, the Keychain Access application can be used to perform this sort
of checking. Refer to the keychain section of this guide, found in Chapter 5,
for further instructions.
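As an added example (not part of the original guide or of Mac OS X), the following Python sketch checks a proposed master password against the criteria stated above: longer than 12 and at most 255 characters, mixed case, numbers, special characters, and not equal to the administrator's password. The function name and the definition of "special character" used here are assumptions.

```python
import getpass
import hmac
import sys

MIN_LEN = 13   # the guide asks for "greater than 12 characters"
MAX_LEN = 255  # upper bound stated in the guide


def master_password_problems(candidate, admin_password=None):
    """Return the list of guideline violations; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LEN:
        problems.append("must be longer than 12 characters")
    if len(candidate) > MAX_LEN:
        problems.append("must be at most 255 characters")
    has_upper = any(c.isupper() for c in candidate)
    has_lower = any(c.islower() for c in candidate)
    if not (has_upper and has_lower):
        problems.append("must contain mixed case")
    if not any(c.isdigit() for c in candidate):
        problems.append("must contain numbers")
    # Assumption: a "special character" is anything that is not a letter,
    # a digit or whitespace.
    if not any(not c.isalnum() and not c.isspace() for c in candidate):
        problems.append("must contain special characters")
    # Constant-time comparison so the check itself does not leak how much
    # of the administrator password the candidate shares.
    if admin_password is not None and hmac.compare_digest(
        candidate.encode("utf-8"), admin_password.encode("utf-8")
    ):
        problems.append("must not match the administrator's password")
    return problems


def main():
    # getpass keeps both values out of argv, shell history and terminal echo.
    candidate = getpass.getpass("Proposed master password: ")
    admin = getpass.getpass("Administrator password (comparison only): ")
    problems = master_password_problems(candidate, admin)
    for problem in problems:
        print("FAIL:", problem)
    if not problems:
        print("OK: meets the stated master password criteria")
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main())
```

Passing these checks only confirms the stated composition rules; it does not measure resistance to guessing.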
A strong password is vital to making FileVault a useful security measure!
If the master FileVault password is lost, there will be no way to recover a
user’s data if that user also loses his password. If this data loss risk
outweighs the security benefits of using FileVault, FileVault should NOT be
enabled.
More information on FileVault can be found in Mac Help, available from the
Finder’s Help menu. The topics “About FileVault,” “Encrypting your home
folder,” and “Turning off FileVault” explain how to use FileVault and are the
basis for the instructions below. FileVault must be enabled for a user from
that user’s account by someone with administrative access. FileVault
deactivation must also be performed by an administrator while logged into
the user’s account.