

Apple originally introduced FileVault as a feature of Mac OS X 10.3 (also known as "Panther"). Technically speaking, the original FileVault did not have FDE capabilities; rather, it provided volume encryption to protect a user's home directory, but it did not offer boot-time protection for other data or the OS itself. In Mac OS X 10.7 ("Lion"), Apple redesigned FileVault and reintroduced it as Apple FileVault 2, with full FDE capabilities. Apple FileVault 2 has been supported by every version of Mac OS X since 10.7, including the current release.

Encryption and authentication support

FileVault 2 uses the Advanced Encryption Standard (AES) encryption algorithm, which delivers robust protection for stored data. Until mid-2013, it only supported the use of 128-bit keys, not 256-bit keys. Although 128-bit keys are technically acceptable in many environments, organizations are rapidly moving toward 256-bit keys to thwart emerging threats. The latest versions of Mac OS X, starting with 10.9, support 256-bit AES keys, so organizations wishing to enable FileVault 2 on legacy systems should be cautious about the 128-bit key strength present in older Mac OS X versions, Lion (10.7) and Mountain Lion (10.8).

FileVault 2 has been validated as being Federal Information Processing Standard (FIPS) 140-2-certified on the latest versions of the Mac OS. FIPS 140-2 certification indicates successful independent testing of a product to confirm that it adheres to certain cryptographic implementation requirements. Simply put, certification indicates that major known cryptographic weaknesses were checked for and not found.

A disadvantage of using FileVault 2 is that it uses the user's Mac OS X password. It is generally recommended to use multifactor authentication - and certainly not to simply duplicate OS credentials - when authenticating users before system boot. However, as discussed below, there are a variety of commercial add-on products available that add management and configuration capabilities to FileVault 2 implementations, so it is possible to add multifactor authentication using one of these products. Similarly, by default FileVault 2 user recovery keys are either written down (or captured in a user screenshot) or are stored on an Apple server and protected through security questions. Again, the use of commercial add-on products can provide additional, more desirable and secure options for key recovery.

Management

FileVault 2 is intended for local management, as Apple does not provide any centralized management capabilities for the FDE product. That being said, there are many commercial products available that can be added onto Mac OS X systems to centrally manage FileVault 2 configurations. These include Dell Data Protection | Encryption, McAfee Complete Data Protection and Sophos SafeGuard.
