Securing Your Mac

A. Open the CrashPlan application

Under MacOS: Choose "Show CrashPlan" from the Crashplan icon in the menu bar at the top-right of the screen, or run CrashPlan from the Applications folder.

Once CrashPlan begins the back up, it scans the total number of files on your machine before proceeding with its initial backup, which may take several days to complete.

B. Check Progress Bar

As the backup proceeds, the progress bar under the BackUp tab will indicate how far along you are in the process. Before encrypting your computer, you should make sure all of the files initially scanned by CrashPlan have been backed up.

Note: CrashPlan is constantly backing up your files while you work. Since it cannot backup any documents that you may currently have open and be working on, the progress bar may not show the backup as being 100% complete, though all of the files initially scanned by CrashPlan have been backed up.

Overview

The Disk Health test will look for problems with your disk and data using diagnostic tools available natively within the operating system of your machine. If a problem is found you should not proceed to the encryption step and you should call the IRT Service Desk at 650-725-8000 for assistance. This step can take anywhere from 15 minutes to several hours to complete and you may notice some degradation of performance while it is running.

Check Filesystem for Errors

To check the MacOS filesystem for errors, use Disk Utility to perform a filesystem check, otherwise known as a 'fsck'.

Note: This step can take anywhere from 15 minutes to several hours to complete and you may notice some degradation of performance while it is running.

• Open Disk Utility from the Utilities folder in the Applications folder.
• Select the hard disk (often "Macintosh HD" but can be named something else).
• Choose "Verify Disk" from the "First Aid" tab.
• Inspect the output for errors (which will be colored in red).
• If a problem is found, please contact the IRT Service Desk for assistance in repairing the issues.

A. 10.9 Upgrade Requirements

Your Mac must be running OS X 10.6.8 or later, and also be one of the following models:

• iMac (Mid 2007 or newer)
• MacBook (Late 2008 Aluminum, or Early 2009 or newer)
• MacBook Pro 13-inch (Mid-2009 or earlier)
• MacBook Pro 15-inch (Mid/Late 2007 or newer)
• MacBook Pro 17-inch (Late 2007 or newer)
• MacBook Air (Late 2008 or newer)
• Mac mini (Early 2009 or newer)
• Mac Pro (Early 2008 or newer)
• Xserve (Early 2009)

B. Verify Eligibility

You can find out if your current Mac qualifies by clicking the Apple icon at the top left of your screen, choosing About This Mac, then clicking More Info.

i. On Lion, you will see a window showing the model name and specifics:

ii. On MacOS 10.6 Snow Leopard and earlier, you will see a system profile window that includes the Model Identifier. You can then look up that Model Identifier at [this site].

C. Purchase license

MacOS 10.9 is not a free upgrade for users of previous OS releases. Any users running an OS earlier than 10.6.8 should update to Snow Leopard and install it first; subsequent updates can only go through the Apple App store.

To buy an individual license, point a web browser at the App Store Link.

Organizations wishing to purchase 20 or more licenses at a time can purchase Volume Licenses for $9.99/seat through SmartMart. Click on the Apple punch-out, then search for item D6358Z/A.

Once Volume Licenses are purchased, the purchaser will receive redemption codes from Apple and can distribute them to their staff. Staff will open the App Store, click "Redeem" under "Quick Links" and enter the redemption code to be credited for a Mountain Lion download.

D. Install Mountain Lion

After purchasing Mountain Lion, the App Store will download Install OS X Mountain Lion.app (~4.4GB) into the /Applications folder. It will also launch the installer immediately.

The following screens should be clicked through, then the machine will reboot. On reboot, it will install the new OS version and reboot once more.

This whole process takes around half an hour on a reasonably modern machine with SSD (Macbook Pro dual-core-i7, 4GB RAM, 256GB SSD) - expect it to take longer on older and slower hardware.

Overview

If your machine is not capable of encryption using FileVault Encryption, or you have any questions about the encryption process, please contact the IRT Service desk at 725-8000.

If your computer is already encrypted with one of the School's standard methods, you do not need to take any further action at this time. This will be registered in BigFix and your machine will be recorded as fully compliant with the data security policy.

If a computer is currently encrypted with a method other than one of the School's standard methods, it does not need to be re-encrypted at this time. If you wish to switch to SWDE, which involves software built into your operating system, IRT can help you uninstall older encryption software first, such as Macafee Endpoint or PGP.

Encryption will be installed using Stanford's SWDE ("suede") Installer. To provide the highest level of privacy protection for High and Moderate Risk data, the installation process includes setting vital configuration options designed to protect your computer. You will be notified of any changes to settings during the process and will have the option of canceling if you'd like to ask any questions about them.

As part of the SWDE installer, an encryption key will be stored which can be used to access your data if you forget your password. Stanford will store this key securely and it will be only be used in accordance with University privacy policies to restore data at your direction, as part of a legitimate investigation, or as compelled by legal process.

For a general overview of what SWDE does, and what to expect, see: Getting Started With SWDE »

For a full list of operations performed by this installer, see: Mac Requirements »

A. Download encryption installer

Before starting the installation, make sure your computer is on AC power and has an active network connection.

Whole Disk Encryption can take up to 10 hours, so you may want to install the the software at the end of the day and let the encryption run overnight. You can use your computer during the encryption process, but certain activities may be noticeably slower.

B. Launch SWDE installer: Enrollment

Launch the installer and follow along with the step-by-step instructions at: SWDE for Mac »

If you need help, call the IRT Service Desk at 725-8000 x5

A. Overview

By default, the School of Medicine CrashPlan backup service will back up the contents of all local drives in the host computer. This includes all user files, applications, and other data. This is the safest policy in the event of a system failure, as anything that was on the machine can be restored from the backup server.

Some people may be uncomfortable storing personal information on a computer that backs up to the School's backup servers, though the School of Medicine will only access such information as necessary to restore a system at the user's direction, as part of a legitimate investigation, or as compelled by legal process.

Should you wish to exclude individual files or directories from your backups, you can do so from within the CrashPlan application. Files excluded in this manner will be automatically purged from the backup archive. Any personal data so identified that had been previously backed up will be automatically and permanently deleted from the backup system but will remain on the computer.

All Stanford data must remain on the computer and be available for back up.

B. Open the CrashPlan application

C. Go to Files Section

In the Backup tab of the CrashPlan application there will be a section titled "Files" - this lists all the backup sources. By default, it will include the "/" directory on MacOS machines. It may also include other drives or directories if there are multiple internal drives attached to the computer.

D. Click the "Change" button to bring up the Change File Selection dialog box

• You may un-check any files or folders that you do not want to back up.
• Click "Save" to save your changes.
• Warning: All Stanford data must be backed up - only use this function to exclude personal data that you do not want backed up.