Your Mac is a pretty secure device right out of the box. Because of its Unix underpinnings, Mac OS X isn’t vulnerable to the viruses and malware that can wreak havoc on Windows. And Macs are a less-attractive target for hackers looking to infect the largest number of machines with the least amount of effort, since Windows PCs own a considerably larger chunk of the market. But threats are still out there. Need proof? Check out your firewall log to see what kind of activity is coming through the network pipes toward your Mac. Most of that traffic is legit, but if you dig through even a little, you’ll no doubt find more than a few sketchy entries in there.

OS X’s built-in firewall does a good job of protecting your computer from incoming threats. In Leopard, check your settings by going to System Preferences > Security > Firewall (Tiger users will find their firewall settings in System Preferences > Sharing). But plenty of security risks exist that your Mac’s firewall won’t catch. While viruses on the Mac aren’t the epidemic that they are on Windows PCs, you can still pass along viruses attached to outgoing email. And for laptop users who frequently hook up to the Net via public Wi-Fi hotspots, you never know what kind of security is--or isn’t--protecting that network. And what about your data? All your precious documents are just sitting unprotected, vulnerable to theft by bad guys. One-stop options exist for locking down your data and securing your network connection. We ran Yoggie’s Gatekeeper Pico for Mac and the IronKey Personal through a battery of tests to help you choose the security device that best suits your needs.

Yoggie Gatekeeper Pico For Mac

Show would-be data thieves and hackers who’s in charge by guarding your computer with this plug-n-protect device.

After you load the included software, the Yoggie Gatekeeper Pico becomes a full-time security guard for your Mac and all your data.

Yoggie’s Gatekeeper Pico is a hardware security device--basically a mini computer packed with security applications that attaches to your machine via USB. It sports its own Linux operating system, RAM, and 12 security apps onboard to protect your machine from viruses, spyware, and all manner of nefarious attacks. It also features Web filtering (i.e., parental controls), customizable email spam controls, and can even connect your Mac to the anonymous Tor network (see “Tor: What Is It Good For?” below), so that not even the geeks at your Internet service provider will know about your addiction to perezhilton.com.

Despite the industrial-strength security it provides, installing the Gatekeeper on our system was a snap. After loading software from the included CD, we plugged the device into a USB port--it’s the size of a standard USB flash drive. Then the Gatekeeper updated its software automatically, and we were ready to roll.

Configuring security settings is simple. The Gatekeeper uses a browser-based control panel for system configuration and monitoring. Inexperienced users can simply set it and forget it, while advanced users get a whole host of configurations options to meet specific needs.

Gatekeeper’s Status panel keeps track of incoming threats.

Beginners can simply choose from High, Medium, or Low security levels. Unfortunately, Yoggie’s rather tight-lipped about what each of the settings really means, and we had to dig through online tech support articles to find out the differences between them. Even then, the answer was a chart of protocols, rather than a plain-English explanation that a non-IT user could understand. While we certainly understand there is a high-level of intricacy involved in network security, since the Gatekeeper Pico is designed and marketed as a consumer-level device, we were expecting much more thorough and coherent documentation to describe the huge number of available options.

For more advanced users--or those with solid Google-fu to help them understand the choices--the Gatekeeper Pico offers a host of custom options for locking down your system. You can filter Web content by selecting categories of banned sites or create custom white- or blacklists. The Gatekeeper can also be set up to surf the Web anonymously via the Tor network. This will slow down your browsing quite a bit, but for users who need anonymous http connections, the option to surf completely anonymously might well be worth the price of admission.

Because the Gatekeeper offloads all the security processes from your Mac to its own processor, Yoggie claims it can actually speed up your machine, compared to how fast it would run if you just installed software-based security. In our tests, speed gains were slight and not significant enough to be noticeable on a MacBook or iMac. More important than slight performance gains, however, is the tightened security. Since the security features of the Gatekeeper are hardware-based, they’re not vulnerable to attack the way that software firewalls and antivirus apps can fall prey to malware designed to disable your software protection.
 
Because of its small form factor, the Gatekeeper is portable, making it easy to protect any Mac you happen to be using. By default, once the Gatekeeper software is installed on a machine, network connections are disabled if the device is removed from the machine, preventing users from insecurely accessing the network by accident. We also appreciate the option to override that feature, in the event that the USB device is lost or stolen. The Gatekeeper Pico comes with one year of free, secure software updates for the device. After that, a $30 per year subscription will keep your Gatekeeper up to date with the latest security software.

THE BOTTOM LINE:
Gatekeeper Pico offers top-notch, hardware-based security in a portable package. We only wish it had more thorough documentation that would allow users to make appropriate, informed choices about securing their Macs.

COMPANY: Yoggie Security Systems
CONTACT: www.yoggie.com
PRICE: $149
REQUIREMENTS: Mac OS 10.4 or later, USB port
Simple to set up. Comprehensive suite of security applications. Can deny network access when device is removed.

Online and electronic documentation can be vague at times. Security novices could become overwhelmed.

Ironkey Personal

This gadget’s No. 1 job is to keep your data secret and secure--we just wish it were more Mac-friendly.

 
Like an army jeep, IronKey Personal does what it’s meant to do, without offering a lot of extras.

IronKey’s line of hard-core flash drives are the stuff that action-movie heroes and paranoid privacy freaks dream about. On the outside, the rugged metal case is waterproof, and the drive itself is protected against both physical and electronic attacks. While the military-grade encryption housed on the device is strong enough to keep state secrets, well, secret, this USB drive is geared toward consumers looking for some electronic privacy, making the IronKey Personal a good place to stash your tax returns, banking records, website passwords, secret family recipes, and anything else you need to keep from prying eyes.

With some major caveats for Mac users, the IronKey works right out of the box. Software and documentation come on the drive itself, and there are no drivers or applications to install on your Mac before you use it. The first time you mount the IronKey, an app called IronKey Unlocker will prompt you to create a password for the device. Entering a password creates a secure key stored on the device. And pick something good, because that password is what stands between your secret information and the bad guys. From that point, mounting the drive requires entering your password, which can be changed at any time.

Your data is stored in on the drive after being encrypted by onboard hardware that can’t be hacked or turned off. To protect against brute force attempts to guess your password, the IronKey will delete your files after 10 incorrect password entries--so be sure you have backups somewhere. And the device itself needs to be removed and reconnected after three failed password attempts. The drive itself can also detect physical tampering, destroying your data if the case is compromised. So you can rest assured that if your drive is lost or stolen, the data it contains will remain unusable to anyone else. Pretty sweet, although unfortunately that’s where the good news ends, at least for Mac users.

The IronKey is multiplatform and supports Mac, Windows, and Linux environments. Unfortunately, however, the majority of the IronKey’s additional security features are Windows only.

For Windows users, IronKey also includes a secured version of Mozilla’s Firefox browser, which can be set up to access the Internet via IronKey’s private Tor network for added security. Mac users could mimic some of that functionality by grabbing a copy of Portable Firefox (www.freesmug.org/portableapps/firefox). Using the Windows-only IronKey Control Panel software, you can create a lost-and-found message to be displayed in the IronKey Unlocker so that Good Samaritans who stumble across your lost drive can contact you.

Windows users also have the ability to use IronKey’s secure Password Manager and a virtual keyboard--both handy for using your IronKey on foreign computers. The Password Manager makes all your login info portable and secure, while the virtual keyboard can be invoked to thwart any keyloggers that may be lurking on the machine you’re using.

IronKey also offers encrypted backup of device contents--again, only for Windows users. Using the Secure Backup client, you can send some or all of your encrypted files into a local encrypted backup, to protect against your IronKey device getting lost or stolen. And via the MyIronKey service, you can store your access credentials for your IronKey device, in the event that you forget your password--and set up monitoring to report on any interactions with your online account.

For those who have a mixed environment of Mac and Windows computers, the suite of security options that come with IronKey Personal offer several useful features. But for Mac-only setups, the IronKey’s hardware encryption is its only truly useful feature.

THE BOTTOM LINE:
Hardware-based encryption and rugged, tamper-proof construction is compelling, but for Mac-only users, the lack of support for IronKey’s other security features is disappointing.

COMPANY: IronKey
CONTACT: www.ironkey.com
PRICE: $79, 1GB; $109, 2GB; $149, 4GB; $199, 8GB
REQUIREMENTS: Mac OS X, USB 2.0 port
Built-in hardware encryption. Waterproof. Hardware and software is tamper-resistant. Multiplatform (Mac, Windows, Linux).

Nearly all features are Windows-only. Mac support limited to encrypted storage.

NEXT: Utilities to protect your data. 

TOR:  What is it good for?

Vidalia simplifies Tor with a convenient GUI. See www.torproject.org/vidalia to download it.

Tor is a distributed network for allowing anonymity on the Web. By rerouting your browsing sessions through a volunteer network of relays, using Tor prevents someone spying on a network from figuring out which sites you’re visiting. It also keeps websites from knowing where you’re located based on your IP address, which can be tied to a specific user at a specific Internet service provider. Traffic over Tor is encrypted as it travels across the network, so anyone intercepting your traffic midstream won’t know what you’re requesting or who requested it.

Why use Tor? Anytime you send information over the Net, it’s vulnerable to being intercepted. And anyone from the IT guy in your office, to employees of your ISP, to admins at your favorite website can tell where you’ve been, and where you’re going on the Internet--not to mention where you’re at as you surf. And it’s not just crooks who need to cover their tracks. Everyone from soccer moms researching medical conditions to journalists covering political issues could use a little online anonymity now and then.

How can I protect myself with Tor? A device like the Gatekeeper Pico can enable anonymous browsing automatically on your Mac, or you can set it up yourself to work with your browser. For more information on using Tor, see www.torproject.org.

How to Encrypt any USB Device

Disk Utility has everything you need to stash your secret stuff.

Specialized hardware like the IronKey Personal can offer military-grade encryption for your super-secret files. But plenty of free software offers data encryption too--including some options built in to your Mac. Using Apple’s Disk Utility, you can encrypt any USB hard drive. The open-source TrueCrypt (free, www.truecrypt.org) is highly portable, and it plays well with others.

Encrypt a DMG with Disk Utility. Fire up Disk Utility, create a new disk image small enough to fit on a flash drive, and enable 128- or 256-bit AES encryption (if it’s strong enough for the U.S. government, it’s probably good enough for your website passwords and holiday shopping lists). Specify a password, and drag the resulting DMG file onto a USB drive. Opening that disk image will prompt you for a password, before mounting on your Mac as a separate volume. Drag files to and from it as needed, and when you unmount the volume, everything gets locked up tight again.

TrueCrypt’s Wizard interface can walk you through encrypted volume creation.

Use TrueCrypt for cross-platform data security. Similar to creating an encrypted disk image, the open-source TrueCrypt can also create encrypted volumes that can be carried on a flash drive. TrueCrypt offers some additional encryption schemes for more security and can perform several handy tricks, like disguising an encrypted image as another type of file. Additionally, TrueCrypt can hide an encrypted TrueCrypt volume inside another volume, so that your secrets will remain safe, even if you’re forced to reveal your password--a useful safeguard for international superspies and the paranoid alike. TrueCrypt is available for Mac, Windows, and Linux, so it’ll work practically anywhere.