Mac OS X for the Traveler, Part 3
Pages: 1, 2
The Importance and Difficulty of Using a Firewall On the Go
Firewalls are an essential part of every network-connected user's arsenal now, and chances are that you use a hardware firewall even on your home network to provide an additional layer of protection. Unfortunately, when it comes to connecting your computer to hotel or public networks, using a hardware firewall is not always an option.
If you are not sure of the hotel's connection, you can always try using a NAT device in order to provide an additional layer of protection. Just keep in mind that, since your hotel network probably already uses NAT to split the main network connection out to various rooms, you may experience issues with NAT-sensitive applications (especially streaming and video-conference software).
AirPort base stations will provide you with this feature, as well as the convenience of wireless access in your room. This is especially true now that the AirPort Express base station is shipping. Of course, wireless networks need to be very well-secured, too, so it's up to you to decide whether the risks outweigh the benefits. Consider using WPA with a complex password and access lists for better protection over simple WEP.
If you can't use a firewall, you may want to remove identifying words from your computer's host name so that it cannot be too easily identified from the network.
Encrypting Your Backups
Even though we are going to see how to back up your data in greater detail in a few moments, now seems to be the ideal time to discuss encrypting your backups. That way, we won't have to come back to less-than-thrilling but essential security considerations.
If encrypting everything is easy for you, my advice would be to do so. Indeed, encrypting your data greatly diminishes the fear of losing a backup drive or even your computer. Sure, it's a problem, but you know that nobody will be breaking into your accounts while you are struggling at the local police station trying to explain the difference between a wallet and a 17" PowerBook. On some occasions, it may also help you get your machine back as some less-skilled thieves do not bother trying to understand a computer or a drive that doesn't behave as they expect. Don't count too much on that one, but it happens.
Thanks to FileVault, you can safely encrypt the entire contents of your home directory. Unfortunately if you copy a file from your FileVaulted home directory to removable media, another volume, or anywhere outside your home directory, the destination file will not be encrypted. For us Mac users, the easiest way to proceed is to first create an encrypted disk image through Disk Utility and to then copy files to it. Here is how I do it.
Open Disk Utility, located in your Utilities folder.
Use the "Images" menu in order to create a "New Blank Image."
In the dialog that appears, name the image and set the encryption setting to AES-128, which should provide us with a good level of protection. Then, pick the size of the image, keeping the restriction of your removable media in mind. Make sure that the format is set to "read/write," and confirm.
Next, you will be asked for a password. Pick a good one, keeping in mind that the little "i" button located at the bottom left of the dialog will help you to do so by testing the passwords you will write in the fields. You can uncheck "Remember Password" if you do not want endless backup passwords to clutter your Keychain--when asked to remember a password, Mac OS X will save it in the Keychain and allow you to access it manually (if needed) through the Keychain Access utility. Then, confirm the dialog and let Disk Utility perform its magic.
A new virtual drive will appear on your desktop. Drag the files you want to back up to it and, once you are done, unmount it, as you would unmount any other removable media prior to disconnecting it.
Finally, copy the disk image file onto removable media. Make sure that you give it a meaningful name (again, not too obvious, though). As a general rule, it is a good idea to include the date. For compatibility reasons with various filesystems, do not include special characters in the date--write "040404" for the 4th of April 2004, and not 04/04/04.
Once the file is safely burned or copied onto the removable media, try to open it at least once in order to make sure that the process went smoothly. Finally, delete the disk image from your hard drive and store your backup in a safe place.
If this sounds like a long, tedious process, it's because it is. Luckily, you only need to perform the steps once and will from then on be able to drag files into and out of the virtual volume you created. However, this depends greatly on the media you're using. Backing up to DVD-RWs, for example, is a slow process (but it does provide greater portability), while backing up to an external FireWire drive makes the whole process a snap.
In fact, should you be lucky enough to own a portable FireWire hard drive with a decent storage capacity, you can use an application like Carbon Copy Cloner to back up your FileVault-ed Home folder in one go (the vault will be seen as a mounted volume) as an encrypted disk image on the external drive. Just be careful about not damaging any permissions in the vault (or the vault itself). This tip makes daily backups possible, even on the go, but is potentially riskier since it acts on the vault itself.
If your only FireWire drive is an iPod, keep in mind that the mechanism of these small drives has not been designed for intense use. Your iPod is not a ultra-high-performance, industrial-strength, back-up-everything, portable-storage solution. It will work, yes, but it will be slower and will drain the iPod's battery faster than usual, since copying large files back and forth causes your iPod's drive to work in a more intense fashion than it does in "music player" mode.
When picking your portable hard drive, you may also want to make sure that it has good shielding and resists minor shocks. Some drives, for example, come wrapped in an unsightly but efficient rubber case--although modern designs put the rubber inside the case, making the drive shock-resistant and less of an eyesore at the same time. Drives that support USB2 connections can also be a good choice by providing you with a way to connect them to a PC in the event of a problem.
Of course, you can choose not to encrypt everything. Since encryption is a resource-intensive process, this will make backup time a lot shorter, which will allow you to perform backups more easily and therefore, be better prepared should something ever happen.
Just as you made a list of your hardware assets, you may want to see which files on your hard drive can be backed up without being encrypted. The speedier and the easier the process, the more backups you will make, which is especially important while you are on the go.
Note that these recommendations apply to your online backups, too. Indeed, even while you upload files to your iDisk, they are sent in the clear over the network (even though your login and password are encrypted). This is perfectly fine for files you want to publish on your home page or pictures of your cat, but may be a problem for your more confidential data. It is therefore important that you also encrypt data before uploading it on a remote server. Should you upload your data to a more public server or one you set up yourself, encrypting the data as you encrypted your backups to removable media will also avoid information leaks in case someone breaks into the server while you are away.
In this installment, we've seen a few security best practices that should allow you to avoid most issues while traveling with your Mac and peripherals. However, we have also seen how heavy these operations can be. Unfortunately, heavy operations can quickly become impossible to manage when traveling, which effectively negates our security efforts. Therefore, in the next installment, I'm going to focus on mobility and "keeping things light," which will make traveling with your computer not only productive, but fun too.
Until then, safe travels.
FJ de Kermadec is an author, stylist and entrepreneur in Paris, France.
Return to MacDevCenter.com.