hipaa%101 ......use a passcode with your iphone, ipad, or ipod touch learn how to set, use, and...
TRANSCRIPT
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) Rules provide federal protections for patient health information held by Covered Entities (CEs) and Business Associates (BAs) and give patients an array of rights with respect to that information. This suite of regulations includes the Privacy Rule, which protects the privacy of individually identifiable health information; the Security Rule, which sets national standards for the security of electronic Protected Health Information (ePHI); and the Breach Notification Rule, which requires CEs and BAs to provide notification following a breach of unsecured Protected Health Information (PHI). CEs must comply with the HIPAA Privacy, Security and Breach Notification Rules. What You Need to Know: LifeCare of Florida has a strong and abiding commitment to ensure its HIPAA activities are conducted in accordance with applicable law. This document is the result of this commitment and provides the necessary tools and strategies that allow for organization-‐wide compliance and protection of our patients’ protected health information on personal devices that are used for operational purposes. What Is Included: This manual provides the practical “how to” information to comply with LifeCare security policies . Please review the manual carefully and, at completion, a Notification of Compliance Form will need to be submitted to LifeCare.
HIPAA 101:
08 Fall
Know the RISKS.
LifeCare utilizes a “Bring Your Own Device” (BYOD) policy for the therapy team which includes Employees and Independent Contractors. Business operations, which include field/in-‐home services, require the use of mobile devices and, thus, increases the risk for potential unauthorized access to ePHI. While risks vary based on the mobile devise and its use, some risks include:
• Lost or stolen device; • Inadvertently downloading viruses or other malware; • Unintentional disclosure to unauthorized users; • Using an unsecured Wi-‐Fi Network.
Take the STEPS. Protect and SECURE. ü Participate in and review all Training Materials Provided by LifeCare ü Keep your passwords and devices private; ü Enable and keep current the Mobile Device Security Settings; ü Keep your mobile device with you at all times ü Protect/guard your screen during use ü Report ANY potential breach or risk to your PHI (unauthorized use, loss or theft of device)
One laptop is stolen every 53 seconds
113 cell phones are lost or stolen every 60 seconds in the US
80 percent of the cost of a lost laptop is from data breach
Learn more at http://www.HealthIT.gov/mobiledevices
Mobile Device Security
How to Secure Your Device
Task How Do I?
Activate password or other user authentication to log in to device
Help for Windows
Help for MAC/OSX
Activate automatic log-‐out after a period of inactivity
Help for Windows
Help for MAC/OSX
Install and enable encryption software
Help for Windows
Help for MAC/OSX
Install and enable remote wiping and/or disabling Help for Android
Help for iPhone/iPad
Install and enable a firewall / security software
Help for Windows
Help for MAC/OSX
Establish and use secure e-‐mail settings Help for Android
Help for iPhone/iPad
Disable and do not install file sharing applications
A breach is, an impermissible use or disclosure under the Privacy Rule that compromises the security or
privacy of the protected health information. An impermissible use or disclosure of protected health information is presumed to be a breach unless the covered entity or business associate, as applicable, demonstrates that there is a low probability that the protected health information has been compromised based on a risk assessment of at least the following factors:
All individuals who are affiliated with LifeCare as an employee, Independent Contractor or Business
Associate are required to immediate report to LifeCare’s Security Officer any suspected or confirmed breach that may have occurred.
Breach Notification
Use a passcode with your iPhone, iPad, or iPod touchLearn how to set, use, and change a passcode on your iOS device.
Set a passcode on your iOS device to help protect your data. Each time you turn on or wake your device,you'll need to unlock it with your passcode. If your device supports Touch ID, you can use your fingerprintinstead of a passcode.
Here's when you'll enter your passcode:
Turn on or restart your deviceSlide to unlock your screen (you can change this)Update your softwareErase your device
Set your passcode1. Go to Settings > Touch ID & Passcode. On devices without Touch ID, go to Settings > Passcode:
2. Tap Turn Passcode On.
3. Enter a six-digit passcode. Or tap Passcode Options to switch to a four-digit numeric code, a customnumeric code, or a custom alphanumeric code.
4. Enter your passcode again to confirm it and activate it.
Change your passcode or passcode settingsTo change your passcode or passcode settings, go to Settings > Touch ID & Passcode. On devices withoutTouch ID, go to Settings > Passcode.
You'll find several settings and options:
Turn Passcode Off.Change your passcode. Enter a new, six-digit passcode. Or tap Passcode Options to switch to a four-digit numeric code, a custom numeric code, or a custom alphanumeric code.Require Passcode—Immediately: By default, as soon as you lock your screen, you'll need to enter yourpasscode to unlock it. If you don't want to need your passcode immediately, change this setting.Allow Access When Locked: Allow access to some features when your device is locked,including Notifications View, Siri, and Control Center.Erase Data: Choose whether to erase your device automatically after ten failed passcode attempts.
Can’t turn off your passcode or change passcode settings?Passcode settings might be unavailable, gray, or dimmed. If you can't change these settings, it might bebecause you're using a configuration profile that requires a passcode. This is common with business oreducation devices. Contact your IT administrator for more information.
Forget your passcode?If you or someone else enters the wrong passcode too many times, your device will disable itselftemporarily. Get help if you forgot your passcode or your device is disabled.
Learn what to do if you forgot your Restrictions passcode.
LifeCare of Florida, LLC
Instructions to Create Encrypted Folder on Workstation Using VeraCrypt
Part I: Install VeraCrypt
Step 1
Go to: https://veracrypt.codeplex.com/
Select Download
LifeCare of Florida, LLCInstructions to Create Encrypted Folder on Workstation Using Veracrypt
Part I: Install VeraCrypt
Page 2
Step 2
Save File
Step 3
Go to your downloads:
Start> Computer > Downloads
LifeCare of Florida, LLCInstructions to Create Encrypted Folder on Workstation Using Vera crypt
Part I: Install VeraCrypt
Page 3
Step 4
To Install VeraCrypt:
Double Click VeraCrypt Setup 1.15
Accept license agreement
Select Install
Accept default folder settings; click on Install
Click on "okay" when installation is complete
Congratulations:
VeraCrypt is successfully installed on your computer
LifeCare of Florida, LLC
Instructions to Create Encrypted Folder on Workstation Using Veracrypt
Part II: Create an Encrypted Folder on Workstation
Step 1
To launch VeraCrypt
Start > VeraCrypt
Step 2
Select:
Create Volume
LifeCare of Florida, LLCInstructions to Create Encrypted Folder on Workstation Using Veracrypt
Part II: Create an Encrypted Folder on Workstation
Page 2
Step 3
Select:
Create an encrypted file container
LifeCare of Florida, LLCInstructions to Create Encrypted Folder on Workstation Using Veracrypt
Part II: Create an Encrypted Folder on Workstation
Page 3
Step 4
Select:
Standard VeraCrypt volume
LifeCare of Florida, LLCInstructions to Create Encrypted Folder on Workstation Using Veracrypt
Part II: Create an Encrypted Folder on Workstation
Page 4
Step 5
Select:
Click on Select File
LifeCare of Florida, LLCInstructions to Create Encrypted Folder on Workstation Using Veracrypt
Part II: Create an Encrypted Folder on Workstation
Page 5
Step 6
Navigate to the folder location that you would like to keep the secure files.
Note: VeraCrypt WILL CREATE this folder for you, so you do not need to create it; you just
need to designate the folder location and the file name. and click save.
In this case example, the folder is being named "LifeCare Secure Data."
Step 7
Select: Next
LifeCare of Florida, LLCInstructions to Create Encrypted Folder on Workstation Using Veracrypt
Part II: Create an Encrypted Folder on Workstation
Page 6
Step 8
Accept default encryption options and select next.
LifeCare of Florida, LLCInstructions to Create Encrypted Folder on Workstation Using Veracrypt
Part II: Create an Encrypted Folder on Workstation
Page 7
Step 9
Select size of folder- Consider the amount of files that will need to be stored in this
folder. In this example, 10 GB is being selected.
LifeCare of Florida, LLCInstructions to Create Encrypted Folder on Workstation Using Veracrypt
Part II: Create an Encrypted Folder on Workstation
Page 8
Step 10
Select a password to protect the folder. The recommended length for the password is
20 characters.
Then, click next
LifeCare of Florida, LLCInstructions to Create Encrypted Folder on Workstation Using Veracrypt
Part II: Create an Encrypted Folder on Workstation
Page 9
Step 11
Answer no to the storage of large files. There is no LifeCare file that would
be so large as to answer yes to this question.
LifeCare of Florida, LLCInstructions to Create Encrypted Folder on Workstation Using Veracrypt
Part II: Create an Encrypted Folder on Workstation
Page 10
Step 12
Move mouse over window for approximately 30 seconds. This creates a random
selection of an encryption key. Then click next to create the encryption folder.
LifeCare of Florida, LLCInstructions to Create Encrypted Folder on Workstation Using Veracrypt
Part II: Create an Encrypted Folder on Workstation
Page 11
Step 13
Once the encrypted folder has been created, the next step is to "mount" the drive.
This creates the access to the encrypted folder and is the procedure
that should be followed for each time the folder is to be accessed. (The folder will be
closed and secure each time you log off your workstation or shut down the computer).
Please refer to "VeraCrypt- Instructions to Mount Secure Folder"
LifeCare of Florida, LLC
Instructions to Access Encrypted Folder on Workstation Using Veracrypt
Part III: VeraCrypt: Mount Encrypted Folder
Step 1
To launch VeraCrypt
Start > VeraCrypt
Step 2
Select a drive to use for the folder. Any letter can be chosen that is available. In this example,
the letter "L" is chosen for LifeCare. The click "Select File" to load the
encrypted folder that was Accessd.
LifeCare of Florida, LLCInstructions to Access Encrypted Folder on Workstation Using Veracrypt
Part III: VeraCrypt: Mount Encrypted Folder
Page 2
Step 3
Navigate to the encrypted folder that was Accessd and select that folder.
Click "Open."
LifeCare of Florida, LLCInstructions to Access Encrypted Folder on Workstation Using Veracrypt
Part III: VeraCrypt: Mount Encrypted Folder
Page 3
Step 4
Encrypted folder is shown in window- then click on "Mount"
LifeCare of Florida, LLCInstructions to Access Encrypted Folder on Workstation Using Veracrypt
Part III: VeraCrypt: Mount Encrypted Folder
Page 4
Step 5
Enter password and then select ok
Step 6
A message will appear that the folder is being loaded
LifeCare of Florida, LLCInstructions to Access Encrypted Folder on Workstation Using Veracrypt
Part III: VeraCrypt: Mount Encrypted Folder
Page 5
Step 7
The encrypted folder will appear when it has been loaded.
Press Exit
LifeCare of Florida, LLCInstructions to Access Encrypted Folder on Workstation Using Veracrypt
Part III: VeraCrypt: Mount Encrypted Folder
Page 6
Step 8
After the encrypted folder has been mounted, the folder will be visible as a drive on your
computer. Files can be moved in and out of the folder in the same way any file
is moved using Windows Explorer.
LifeCare of Florida, LLCInstructions to Access Encrypted Folder on Workstation Using Veracrypt
Part III: VeraCrypt: Mount Encrypted Folder
Page 7
Step 9
To assure continued protection of the encrypted folder, LifeCare recommends closing the
encrypted folder when not in active use. This can be accomplished by:
1 Dismount the volume folder
2 Shut down the workstation
3 Log off workstation
LifeCare of Florida, LLC
Instructions to Set up Secure Mail on Androiod
From the Home screen, tap Settings
Tap Settings > Accounts > Add Account > Email
LifeCare of Florida, LLC
Instructions to Set up Secure Mail on AndroidPage 2
Enter: LifeCare email address
Password
Tap: Next
LifeCare of Florida, LLC
Instructions to Set up Secure Mail on AndroidPage 3
IMAP: Synchronizes emails between Android and servers and
allows access to folders on servers.
POP3 Downloads emails to Android and deletes from
server.
Recommend: Select IMAP to retain the email on the mail server
and phone.
LifeCare of Florida, LLC
Instructions to Set up Secure Mail on AndroidPage 4
Note:
Username: Your LifeCare therapy email address
Password: Your LifeCare password
Incoming Mail Server: securemail.aplus.net
IMAP Server Port: 993
POP3 Server Port: 995
Security Type: SSL or SSL/TLS
LifeCare of Florida, LLC
Instructions to Set up Secure Mail on AndroidPage 5
Note:
Outgoing Mail Server:
SMTP Server securemail.aplus.net
Port: 465
Security Type: SSL or SSL/TLS
Requires Sign-in Yes- check
Username: Your LifeCare therapy email address
Password: Your LifecCare password
LifeCare of Florida, LLC
Instructions to Set up Secure Mail on AndroidPage 6
Note:
Enter Name you would like to give to the account
Enter your name
Congratulations: DONE
LifeCare of Florida, LLC
Instructions to Set up Secure Mail on IPhone
From the Home screen, tap Settings
On the Settings screen, tap Mail, Contacts, Calendars
Tap, Add Account
LifeCare of Florida, LLC
Instructions to Set up Secure Mail on IPhonePage 2
Select Other
Select Other
Mail, Add Email Account
LifeCare of Florida, LLC
Instructions to Set up Secure Mail on IPhonePage 3
Select Other
Name: The name to display on your email address
Address: Your email address
Password: Your email account password
Description: Description shows up in the email account list on your
iPhone.
LifeCare of Florida, LLC
Instructions to Set up Secure Mail on IPhonePage 4
IMAP: Synchronizes emails between iPhone and servers and
allows access to folders on servers.
POP3 Downloads emails to iPhone and deletes from
server.
Recommend: Select IMAP to retain the email on the mail server
and phone.
Note: At the end of the setup, you will need to enable
SSL and configure port settings on your phone.
LifeCare of Florida, LLC
Instructions to Set up Secure Mail on IPhonePage 5
Note: Enter the information for the outgoing server
according to the information set for the incoming
server.
LifeCare of Florida, LLC
Instructions to Set up Secure Mail on IPhonePage 6
Note: From the home screen, tap Settings. On the
Settings screen, tap Mail, Contacts, Calendars.
Select your LifeCare email account
Select Advanced
LifeCare of Florida, LLC
Instructions to Set up Secure Mail on IPhonePage 7
Note:
Incoming Mail Server:
Use secure connections (SSL). Select "On"
Authentication: Password
IMAP Server Port: 993
POP3 Server Port: 995
Tap: Save
LifeCare of Florida, LLC
Instructions to Set up Secure Mail on IPhonePage 8
Note:
Outgoing Mail Server:
Use secure connections (SSL). Select "On"
Server Port: 465
Tap : Save
Congratulations: DONE
Helpful? Yes No 70% of people found this helpful.
Additional Product Support Information
iOS: Understanding data protectionLearn how to enable and verify data protection.
Data protection is available for devices that offer hardware encryption, including iPhone 3GS and later, alliPad models, and iPod touch (3rd generation and later). Data protection enhances the built-in hardwareencryption by protecting the hardware encryption keys with your passcode. This provides an additionallayer of protection for your email messages attachments, and third-party applications.
Enable data protection by configuring a passcode for your device:
1. Tap Settings > General > PasscodeSettings > General > Passcode.2. Follow the prompts to create a passcode.3. After the passcode is set, scroll down to the bottom of the screen and verify that "Data protection is
enabled" is visible.
Passcode tipsUse these passcode settings to maximize passcode security:
Set Require Passcode to Immediately.Disable Simple Passcode to use longer, alphanumeric passcodes.Enable Erase Data to automatically erase the device after ten failed passcode attempts.
Last Modified: Feb 4, 2015
iPod touch iPod iPad
If Find My iPhone is turned on, you can use it tofind your device.
If Find My iPhone isn't on, changeyour passwords and report the device asmissing.
If your iPhone, iPad, or iPod touch is lost or stolenIf you lose your iPhone, iPad, or iPod touch or think it might be stolen, these stepsmight help you find it and protect your data.
If Find My iPhone is enabled on your missing deviceYou can use Find My iPhone to find your device and take additional actions that can help you recover itand keep your data safe.
1. Sign in to icloud.com/find on a Mac or PC, or use the Find My iPhone app on another iPhone, iPad, oriPod touch.
2. Find your device. Open Find My iPhone, and select a device to view its location on a map. If the deviceis nearby, you can have it play a sound to help you or someone nearby find it.
3. Turn on Lost Mode. Using Lost Mode, you can remotely lock your device with a four-digit passcode,display a custom message with your phone number on your missing device's Lock screen, and keeptrack of your device's location. If you added credit or debit cards to Apple Pay, the ability to makepayments using Apple Pay on the device will be suspended when you put your device in Lost Mode.
4. Report your lost or stolen device to local law enforcement. Law enforcement might request the serialnumber of your device. Find your serial number:
On the original box or receiptOn My Support Profile (supportprofile.apple.com) if you registered your device with your Apple ID
5. Erase your device. To prevent anyone else from accessing the data on your missing device, you canerase it remotely. When you erase your device, all of your information (including credit or debit cardsfor Apple Pay) will be deleted from the device, and you won't be able to find it using Find My iPhone.After you erase a device, you can't track it. If you remove the device from your account after you eraseit, Activation Lock will be turned off. This allows another person to activate and use your device.
If you use Family Sharing, any family member can help locate another member’s missing device. Just haveyour family member sign in to iCloud with their Apple ID, and you can find any device associated with thatFamily Sharing account.
What if your iOS device is off or offline?
If your missing device is off or offline, you can still put it in Lost Mode, lock it, or remotely erase it. The nexttime your device is online, these actions will take effect. If you remove the device from your account whileit's offline, any pending actions for the device will be cancelled.
How do you turn off or cancel Lost Mode?
You can turn off Lost Mode by entering the passcode on your device. You can also turn off Lost Mode oniCloud.com or from the Find My iPhone app.
If Find My iPhone isn't enabled on your missing device
Helpful? Yes No 66% of people found this helpful.
Additional Product Support Information
If you didn't turn on Find My iPhone before your device was lost or stolen, you can't use it to locate yourdevice. However, you can use these steps to help protect your data:
1. Change your Apple ID password. By changing your Apple ID password you can prevent anyone fromaccessing your iCloud data or using other services (such as iMessage or iTunes) from your missingdevice.
2. Change the passwords for other internet accounts on your device. This could include email accounts,Facebook, or Twitter.
3. Report your lost or stolen device to local law enforcement. Law enforcement might request the serialnumber of your device. Find your serial number:
On the original box or receiptOn My Support Profile (supportprofile.apple.com) if you registered your device with your Apple ID
4. Report your lost or stolen device to your wireless carrier. Your carrier can disable the account,preventing phone calls, texts, and data use.
Find My iPhone is the only way that you can track or locate a lost or missing device. If Find My iPhone isn'tenabled on your device before it goes missing, there is no other Apple service that can find, track, orotherwise flag your device for you.
Last Modified: Oct 6, 2015
iPod touch iPod iPhone
iCloud iPad iPod touch
iPod iPhone iCloud
iPad
Protect your computer with a password Windows 7
Using a strong password is among the most important steps you can take to protect your computer from hackers and other unwelcome users. For more information about
strong passwords, see Tips for creating strong passwords and passphrases.
If you are logged on as an administrator, you can create a password for any user account.
The steps that you should follow will vary, depending on whether your computer is on a domain or a workgroup. To find out, see "To check if your computer is on a
workgroup or domain" in What is the difference between a domain, a workgroup, and a homegroup?
Hide all
My computer is on a domain
1. Open User Accounts by clicking the Start button , clicking Control Panel, clicking User Accounts, and then clicking User Accounts.
2. Click Manage User Accounts. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
3. On the Users tab, click the account you want to create a password for, and then click Reset Password.
4. Type the password in the New password box, type the password again in the Confirm new password box, click OK, and then click OK again.
My computer is in a workgroup
1. Open User Accounts by clicking the Start button , clicking Control Panel, clicking User Accounts and Family Safety, and then clicking User Accounts.
2. Click Create a password.
If there's already a password for this user account, you can change it by clicking Change your password.
3. Type the password in the New password box, and then type the password again in the Confirm new password box.
4. If you would like to use a password hint, type the hint in the Password hint box.
5. Click Create password.
We strongly recommend that you create a password reset disk so you don't lose access to your files if you forget your password. For more information, see Create a
password reset disk.
Need more help?
See all support pages for security, privacy, & accounts.
Ask a question in the community forums.
Hello from Seattle. © 2015 MicrosoftDisclaimers Terms of Use Trademarks Privacy & Cookies Site MapUnited States of America
Windows 10 Devices Apps+games Downloads How-‐to Great things
Windows 10 Previous versions
Accounts Help
ACCOUNTS
••
Turn Android Device Manager on or offIf you lose your Android device, you can use Android Device Manager to:
Find your device: Use Android Device Manager to show your device's location.
Ring, lock, or erase a lost device: Use Android Device Manager to remotely ring or lock your device, eraseeverything on it, or add a phone number to the lock screen.
Tip: You can also link your phone to Google so you can Jnd or ring it by searching for find my phone onwww.google.com .
Set up Android Device Manager
Step 1: Switch Android Device Manager on or off
••
Before you can use Android Device Manager, you need to make sure it's turned on and that your device isassociated with your Google Account. If you have a tablet with more than one user, only the tablet ownercan control this setting.
1. Find Google Settings in one of these places (depending on your device):
A separate app called Google Settings
In your main Settings app, scroll down and touch Google
2. Touch Security.
3. Under "Android Device Manager," switch Remotely locate this device and Allow remote lock andfactory reset on or off.
Note: Make sure you sign into your Google account on your device if you want to use Android DeviceManager.
Step 2: Make sure location access is on
To use Android Device Manager, you have to have location access turned on. If you’ve turned it off, here’show to turn it back on:
1. Open the Settings app on your device .
2. Scroll down and touch Location.
3. Move the switch to the on position.
Learn more about managing your account's location settings.
Unhide devices on Google PlayIf you hide a device on Google Play, the device won't appear in Android Device Manager. Unhide devices bygoing to play.google.com/settings and selecting a device in the Visibility column.
Share this:
Ashley is an Accounts expert and the author of this help page. Leave her feedback below about how to improveit.
Was this article helpful?
YES NO
Learn more about managing your account's location settings.
Step 3: Check that Android Device Manager can locate your device
After you turn on Android Device Manager, check to make sure that it's working properly. Sign in to yourGoogle Account on android.com/devicemanager and check to see if your device shows up.
Don't see your device? Make sure that you're signed in to your Google Account, location settings are on,and that you've turned on Android Device Manager in Google Settings.
Turn Windows Firewall on or off Windows 7
If your computer is connected to a network, network policy settings might prevent you from completing these steps.
Show all
To turn on Windows Firewall
1. Open Windows Firewall by clicking the Start button , and then clicking Control Panel. In the search box, type firewall, and then click Windows Firewall.
2. In the left pane, click Turn Windows Firewall on or off. If you're prompted for an administrator password or confirmation, type the password or provide
confirmation.
Turn Windows Firewall on or off link in Windows Firewall
3. Click Turn on Windows Firewall under each network location that you want to help protect, and then click OK.
If you want the firewall to prevent all programs from communicating, including programs that you have previously allowed to communicate through the firewall,
select the Block all incoming connections, including those in the list of allowed programs check box.
To turn off Windows Firewall
Hello from Seattle. © 2015 MicrosoftDisclaimers Terms of Use Trademarks Privacy & Cookies Site MapUnited States of America
Windows 10 Devices Apps+games Downloads How-‐to Great things
Windows 10 Previous versions
OS X: About the application firewallOS X includes an application firewall you can use to control connections made toyour computer from other computers on your network.
OS X v10.5.1 and later include an application firewall you can use to control connections on a per-application basis (rather than a per-port basis). This makes it easier to gain the benefits of firewallprotection, and helps prevent undesirable apps from taking control of network ports open for legitimateapps.
Configuring the application firewall in OS X v10.6 and laterUse these steps to enable the application firewall:
1. Choose System Preferences from the Apple menu.2. Click Security or Security & Privacy.3. Click the Firewall tab.4. Unlock the pane by clicking the lock in the lower-left corner and enter the administrator username and
password.5. Click "Turn On Firewall" or "Start" to enable the firewall.6. Click Advanced to customize the firewall configuration.
Configuring the Application Firewall in Mac OS X v10.5Make sure you have updated to Mac OS X v10.5.1 or later. Then, use these steps to enable the applicationfirewall:
1. Choose System Preferences from the Apple menu.2. Click Security.3. Click the Firewall tab.4. Choose what mode you would like the firewall to use.
Advanced settings
Block all incoming connections
Selecting the option to "Block all incoming connections" prevents all sharing services, such as File Sharingand Screen Sharing from receiving incoming connections. The system services that are still allowed toreceive incoming connections are:
configd, which implements DHCP and other network configuration servicesmDNSResponder, which implements Bonjourracoon, which implements IPSec
To use sharing services, make sure "Block all incoming connections" is deselected.
Allowing specific applications
To allow a specific app to receive incoming connections, add it using Firewall Options:
1. Open System Preferences.2. Click the Security or Security & Privacy icon.3. Select the Firewall tab.4. Click the lock icon in the preference pane, then enter an administrator name and password.5. Click the Firewall Options button6. Click the Add Application (+) button.7. Select the app you want to allow incoming connection privileges for.8. Click Add.9. Click OK.
You can also remove any apps listed here that you no longer want to allow by clicking the Remove App (-)button.
Automatically allow signed software to receive incoming connections
Applications that are signed by a valid certificate authority are automatically added to the list of allowedapps, rather than prompting the user to authorize them. Apps included in OS X are signed by Apple andare allowed to receive incoming connections when this setting is enabled. For example, since iTunes isalready signed by Apple, it is automatically allowed to receive incoming connections through the firewall.
If you run an unsigned app that is not listed in the firewall list, a dialog appears with options to Allow orDeny connections for the app. If you choose Allow, OS X signs the application and automatically adds it tothe firewall list. If you choose Deny, OS X adds it to the list but denies incoming connections intended forthis app.
If you want to deny a digitally signed application, you should first add it to the list and then explicitly denyit.
Some apps check their own integrity when they are opened without using code signing. If the firewallrecognizes such an app it doesn't sign it. Instead, it the "Allow or Deny" dialog appears every time the appis opened. This can be avoided by upgrading to a version of the app that is signed by its developer.
Enable stealth mode
Enabling stealth mode prevents the computer from responding to probing requests. The computer stillanswers incoming requests for authorized apps. Unexpected requests, such as ICMP (ping) are ignored.
Firewall limitations
The application firewall is designed to work with Internet protocols most commonly used by applications– TCP and UDP. Firewall settings do not affect AppleTalk connections. The firewall may be set to blockincoming ICMP "pings" by enabling Stealth Mode in Advanced Settings. Earlier ipfw technology is stillaccessible from the command line (in Terminal) and the application firewall does not overrule any rules setusing ipfw. If ipfw blocks an incoming packet, the application firewall does not process it.
Last Modified: Feb 12, 2015
Security & Privacy Preferences on Your Mac The Security & Privacy group of the System Preferences window on your MacBook are where you protect your MacBook from unwanted users. TTe Security & Privacy group of the System Preferences window on your MacBook are where you protect your MacBook from unwanted users or where you can choose to turn off your firewall protection (not advised!).
Settings here are divided into three tabs: General: To add an extra layer of password security for your MacBook, select the Require Password After Sleep or Screen Saver Begins check box. Mac OS X then requires that you enter your login password before the system returns from a sleep state or exits a screen saver. Click the pop-up delay menu to specify when the password requirement will kick in (it’s immediate by default). If you’re an admin-level user, you can set the global security features in the For All Accounts on This Computer section, which affect all user accounts. You can choose to do the following: disable the automatic login feature; force Mac OS X to require a login password each time that a System Preference pane is opened; automatically log off any user after a certain amount of inactivity; and display a message when the screen is locked. You can also specify whether Lion should update Safari’s safe download list automatically. (Safari uses this list to determine what files should be opened after downloading, which helps you prevent attacks by viruses and malware.)
Windows: Turn your screen saver on or off
A screen saver is a moving picture or pattern that appears on your computer screen when you haven't used the mouse or keyboard for a specified period of time. Screen savers were originally used to save older, monochromatic monitors from damage, but now they're mainly a way to personalize your computer or enhance its security by offering password protection. To turn a screen saver on or off 1 Open Screen Saver Settings by clicking the Start button and then
clicking Control Panel. In the search box, type screen saver, and then click Turn screen saver on or off.
2 Do one of the following: To turn off a screen saver, in the Screen saver list, click (None), and then click OK. To turn on a screen saver, in the Screen saver list, click an option, and then click OK. Note You can set Windows to lock your computer after a period of inactivity even if you choose to turn off your screen saver. To do this, select the On resume, display logon screen check box, and then click OK. You can also determine how many minutes you want Windows to wait before displaying the logon screen.
Turn onFileVault
Forgotpassword?
Turn offFileVault
Changeyour Key
Learn More
Use FileVault to encrypt the startup disk on your MacFileVault helps prevent unauthorized access to documents and other important datastored on your startup disk.
About FileVaultYou can use FileVault full disk encryption (FileVault 2) to help prevent access to documents and other datastored on your startup disk. FileVault uses XTS-AES 128 encryption. To use this feature, you need OS X Lionor later, and a working OS X Recovery volume on your startup disk.
Turn on FileVaultWhen you first set up your Mac, you might be asked if you want to turn on FileVault. You can check to seeif FileVault is turned on in the Security & Privacy pane of System Preferences.
If FileVault is turned off, you can use these steps to turn it on:
1. From the Apple menu, choose System Preferences.2. Click the Security & Privacy icon in the System Preferences window.3. Click the FileVault tab.4. Click the lock icon and enter an administrator name and password.5. Click the "Turn On FileVault" button.
Enable users
If you enable FileVault on a Mac with more than one user account, you're asked to identify which users canunlock your startup disk as part of setup. Click Enable next to a user name to let that user log in to yourMac at startup. Then, enter the password for that account.
Users that you don't enable can't unlock the startup disk. These users aren't able to use your Mac untilafter an enabled user logs in.
Any new user accounts you create after you turn on FileVault are automatically enabled.
Choose a recovery option
When you enable FileVault on your startup disk, you can choose an option that helps you if you laterforget your password:
In OS X Yosemite, you can store your FileVault key in iCloud. You can then use your iCloud accountname and password to unlock your startup drive or reset your password. In OS X Mavericks, you can share your FileVault key with Apple by answering a set of security questions.You can then contact Apple Support if you you forget your login password and need to decrypt yourstartup drive.You can also create a recovery key that consists of a combination of numbers and letters. You can usethis key to unlock your drive or disable FileVault. Keep a copy of this key somewhere other than yourencrypted startup disk. If you write the key down, be sure to exactly copy the letters and numbers thatare shown, and keep it somewhere safe that you'll remember. If your Mac is at a business orschool, your institution can also set a recovery key to unlock it.
Your password and Recovery Key are very important. If you don't have access to your password orRecovery Key, you won't be able to log in or access any of the documents or other data stored on thestartup disk of your Mac.
Restart your Mac
After you've set up FileVault, you're prompted to restart your Mac. After restarting, a login screenappears. Select your account name and enter your password to continue. This unlocks your startup diskand takes you to your desktop.
When FileVault is enabled you can't log in automatically. A password is always required when you start upyour Mac so that OS X can unlock your startup disk.
The first time you log in after turning on FileVault, encryption of your startup disk begins.
This initial encryption takes time, and it happens only while your Mac is plugged in to AC power. Youcan check encryption progress from the FileVault section of the Security & Privacy pane in SystemPreferences.You can continue to use your Mac while encryption happens in the background.Encryption pauses when your Mac is sleeping or turned off, and continues when your Mac is turned on.
Any new files you create are automatically encrypted as they're saved to your startup disk.
If you forget your passwordWhen you turn on your Mac, you're prompted to select your user account and then enter your password.This unlocks your startup disk and automatically brings you to your desktop.
If you forget your password, follow the onscreen prompts that appear at the login screen to reset yourpassword using your Apple ID or iCloud account. In OS X Yosemite, your password is automatically storedin iCloud if you turned on FileVault when you first set up your Mac.
If you set a Recovery Key, you can also enter it as your login password if you don't know the rightpassword to log in.
In OS X Yosemite, you can also reset the login password you use with FileVault by using the ResetPassword Assistant:
1. Start up your Mac.2. Leave your Mac at the login screen for 60 seconds until you see the forgotten password prompt
appear.3. Press and hold the power button to turn off your Mac. 4. Press the power button again to turn your Mac back on.5. When the Reset Password window appears, follow the onscreen prompts to unlock your startup disk
using your iCloud account or your FileVault Recovery Key.
6. When you're finished, move your pointer to the top of the screen to make the menu bar appear. Then,choose Restart from the Apple menu to restart your Mac normally.
Turn off FileVaultIf you no longer want to encrypt your startup disk, you can turn off FileVault. You can still require apassword to log in to your Mac, but turning off FileVault decrypts the files stored on your startup drive.
1. From the Apple menu, choose System Preferences.2. Click the Security & Privacy icon in the System Preferences window.3. Click the FileVault tab.4. Click the lock icon and enter an administrator name and password.5. Click the "Turn Off FileVault" button.
You must then restart your Mac to turn off FileVault. After restarting, your startup disk is decrypted in thebackground. Decryption pauses if you sleep or turn off your Mac during this process, and continues whenyour Mac is powered on again. You can check decryption progress from the FileVault section of theSecurity & Privacy pane in System Preferences.
Change your Recovery KeyIf you want to change the Recovery Key used to encrypt your startup disk, you need to turn FileVault offand back on again to generate a new key.
Turning FileVault back on provides you with a new recovery key and allows you to again specify whichusers can unlock your startup disk. You won't be able to use any older recovery keys to unlock your startupdisk, so be sure to store the new key in iCloud, or write it down and keep it somewhere safe.
Learn moreEncrypting your startup disk requires OS X Recovery. In rare situations, you might receive an alert duringinstallation of OS X that OS X Recovery could not be created. If this happens, you can't use FileVault fulldisk encryption until you correct this issue. See About OS X Recovery for more information.
Migrating a Legacy FileVault account
If you're using FileVault home directory encryption ("Legacy FileVault") in Mac OS X v10.6 SnowLeopard, you can upgrade to a later version of OS X and continue to use your FileVault-encryptedhome directory. With a Legacy FileVault encrypted home directory, opening the Security & Privacypreference pane alerts you when you're using an older version of FileVault.You can continue to use Legacy FileVault encryption in newer versions of OS X, but you can't enable itfor additional user accounts. If you want to use the newer full disk encryption feature instead, turn offLegacy FileVault encryption from the Security & Privacy preference pane first.
If you choose to store your recovery key with Apple, be careful to choose security questions and answers that you can
clearly convey to an AppleCare Advisor.
When storing your recovery key with Apple or iCloud, there is no guarantee that Apple will be able to provide your
recovery key back to you.