Today is Data Privacy Day, a global initiative to highlight information security rights and practices, especially among teens, professionals, corporations, and the government.

As part of the celebration, TUAW (along with our sister blog Download Squad) has seven good ideas for you about how to keep your data safe and away from prying eyes with Mac OS X Leopard. Also, be sure to browse TUAW articles filed under Security for other tips and alerts about keeping your data safe.

1: Turn on your firewall

Leopard, as we all know, comes with a built in firewall to prevent other computers from connecting to internet-facing ports on your computer. But: Did you know it's turned off by default?

To turn on your firewall, open System Preferences, and click the Security icon. Then, click the Firewall tab. Make sure either "Allow only essential services" is selected, or you can choose to "set access for specific services and applications" yourself.

You can also use "Stealth Mode": when enabled, computers that send data to blocked ports won't even get acknowledgement that the data was received. To enable Stealth Mode, click the Advanced button on the Firewall tab of the Security preference pane, and click the check box next to "Enable Stealth Mode."

2: Set a screen saver password

A feature popular with Windows users, Mac OS X can also lock your screen when your computer sleeps or when the screen saver comes on. Simply open System Preferences, select Security, and choose the General tab. Click the check box next to "require password to wake this computer from sleep or screen saver," and you're all set.

If you have automatic login enabled and click the "require password" check box, Mac OS X will recommend that you disable automatic login. This means you'll have to enter your password to turn your computer on, too; nefarious nogoodniks won't be able to restart your Mac while the screen saver is on to circumvent the need for a password. Good thinking.

If you use a notebook Mac, then the risks are higher for getting your computer stolen. However, Apple has included a tool to protect your entire home folder (documents, pictures, movies, etc.) right within OS X. FileVault protects your computer against stolen data by encrypting/decrypting your home folder each time you login and logout.

To use FileVault, you must first set a Master Password. This password is a fail-safe if you forget your user login info. However, if you lose both your user login info and the master password, you will not be able to decrypt your home folder and your data (if not backed up in unencrypted form) will be lost forever. To set the master password, navigate to System Preferences > Security > FileVault > Set Master Password.

Once you have the master password set, you will be able to turn on FileVault and begin protecting your data. Click the "Turn on FileVault" button in the FileVault section of the Security preference pane. You will be asked for your master password, and a disclaimer will be displayed explaining the process. Please note that you will not be able to login to your Mac via SMB (Windows file sharing) after turning on FileVault.

FileVault provides a high level of data security, but some applications have a history of incompatibility with the feature; it's also very important that you have a secure and solid backup strategy if you choose to use FileVault. For best results with Time Machine, make sure that your FV home folder is upgraded to the Leopard image format (if you were using FV under Tiger, you may have to turn it off and back on to convert your home folder) and log out of your account periodically to allow backups to run.

FileVault is the Home directory encryption feature of OS X (introduced in Pather) which Apple bills as offering, 'Eternal Protection.' Apple hasn't produced much documentation on FileVault, I suppose in hopes that no one would find an easy way to hack it. A presentation at the 23rd Chaos Computing Congress focused on FileVault, how it works, and possible vulnerabilities.

Luckily for us, the general conclusion is that FileVault is a good way to secure your drive, if used correctly. FileVault does not encrypt the contents of system memory by default in Tiger (It doesn't do it at all in Panther) and it does not, by design, encrypt anything outside of a user's home directory.

There are a few possible attack vectors, but the easiest seems to be a good old brute force Dictionary attack on the 'Master Password' that you must set when enabling FileVault. Remember, if your password is weak all the encryption in the world won't help you.

[via MacSlash]

Ok, so I'm using a dash of hyperbole in the title of this post, but Simson Garfinkel (writing for Computerworld) does recommend Apple portables based on security functionality alone. He highlights Filevault, secure virtual memory, and secure empty trash as the features of OS X that make Apple portables so secure. Sure, as he points out, one can get Windows up to this level of security (Lenovo does include similar utilities with their ThinkPads) but not without tinkering with Windows. OS X has it all built right in.

The one thing that Simson would like to see Apple do? Enable all of these features by default.

How many folks out there are using a combo of these features on their Macs?

Yesterday I was singing the praises of Keychain, and I still stand by my assessment. Keychain is a key feature of OS X that makes it stand apart from Windows. But what happens if you forget your Keychain password? You know, the password that lets you access all your other, heavily encrypted data?

That is exactly what happened to one poor soul who put the question to the MetaFilter community. It isn't as bad as forgetting your FileVault password, however, the sad truth of the matter is that you're going to have to generate yourself a new Keychain folder and starting from scratch. I know it sucks, but that is the price we pay for security. If you are in the same situation check out the MetaFilter discussion for the steps you need to take.

I'll admit it, I don't want people poking around my Mac. While I may want certain files encrypted, Apple's File Vault would be overkill for my needs. That's why I use Knox. With Knox, you can quickly create password-protected, encrypted volumes that you alone can gain access to. You can even schedule backups to occur whenever your iPod is docked. If that's not your cup of tea, you can use a remote server or even your .Mac storage space as a backup destination for Knox. Moving from volume to volume is easily accomplished via a menu bar item.

How secure is secure? From the website: "Knox’s encryption—based on Apple’s FileVault technology—protects files with the U.S. Government’s new Advanced Encryption Standard (AES)." So there you go. Changes to version 1.0.7 include:

• Fixed a problem with opening the Preferences window after upgrading to 1.0.6.
• Fixed a crashing bug in Knox task handling.

There is a free trial available, and a single license will cost you $29.95US (€29.95 w/ VAT). Knox requires Mac OS 10.3.9 or later.