Wednesday, 7 April 2010

Full Disk Encryption & PGP email for the Mac

As a security specialist, my own systems need to be secure, so it's my policy that most of my systems should employ full-disk encryption (FDE).  The only exceptions are servers - since these won't restart after a power failure if they use FDE.  I also want to be able to send PGP-encrypted emails, for example for business correspondence, or for bike club membership administration.

FDE provides protection in two ways.  Firstly, if someone steals your computer, they don't get all your files (unless it was up and running with no screen lock password when they stole it).  Secondly, if someone temporarily gains physical access to your computer, it's harder - although by no means impossible - for them to install a trojan to steal passwords or give them a remote shell.