- #GOOGLE CHROME OS MANAGEMENT CONSOLE LICENSE FULL#
- #GOOGLE CHROME OS MANAGEMENT CONSOLE LICENSE PASSWORD#
#GOOGLE CHROME OS MANAGEMENT CONSOLE LICENSE PASSWORD#
Use a strong 9-character password to authenticate to the device. Use the native Chrome OS data encryption without additional configuration. Use the native IPsec VPN client until a Foundation Grade VPN client for this platform becomes available. How the Platform Can Best Satisfy the Security Recommendations 3.1 Assured data-in-transit protection Only limited policy controls are available to restrict the external interfaces a user can enable, meaning that external interfaces may be accidentally or deliberately enabled by the end-user.ģ. There is no account lockout to prevent brute force attacks when the device is offline, however authentication attempts are hardware rate limited through the on-board TPM.Ĭollection of events for enterprise analysis is limited, meaning protective monitoring and forensic analysis following any compromise may be much harder than on other platforms. Trust in Google’s online services is essential for enterprise deployments of Google Chrome Without assurance there is a risk that data stored on the device could be compromised.Ĭhrome OS relies on Google services to authenticate users to the device, and to manage the device.
#GOOGLE CHROME OS MANAGEMENT CONSOLE LICENSE FULL#
These shortcomings in the VPN increase the risk that data transiting from the device could be compromised.Ĭhrome OS data encryption has not been independently assured to Foundation Grade, and does not support some of the mandatory requirements expected from assured full disk encryption products. In addition, there is potential for the user to disable the VPN at any time and some Google traffic is sent prior to the VPN being established. The VPN has not been independently assured to Foundation Grade. The following significant risks have been identified:
It is not possible to display security related events such as failed logins Only limited technical controls can be exercised over user access to physical and wireless interfaces on the device.ġ1. Platform integrity and application sandboxingħ. The built-in data encryption has not been independently assured to Foundation Grade.ĥ. The built-in VPN has not been independently assured to Foundation Grade. See How the Platform Can Best Satisfy the Security Recommendations for more details about how each of the security recommendations is met. Rows marked represent a more significant risk. Explanatory text indicates that there is something related to that recommendation that the risk owners should be aware of. This platform has been assessed against each of the twelve security recommendations, and that assessment is shown in the table below. Users of Chrome OS devices should not use unaccredited enterprise or Internet services to store or process OFFICIAL email, documents or web applications. To support these scenarios, the following architectural choices are recommended:Īll data should be routed over a secure enterprise VPN to ensure the confidentiality and integrity of the traffic, and to benefit from enterprise protective monitoring solutions. This enables a variety of remote working approaches such asĪccessing OFFICIAL email through an enterprise-provided web portal Ĭreating, editing, reviewing and commenting on OFFICIAL documents through an enterprise-provided web portal Īccessing the OFFICIAL intranet resources, the internet and other web-resources. Usage ScenarioĬhrome OS devices will be used remotely over any network bearer, including Ethernet, Wi-Fi and 3G, to connect back to enterprise services over a VPN. This guidance was prepared with the provided versions as of June 2013. All device management services are provided by Google Infrastructure. This guidance was developed following testing performed on Samsung Chromebooks running Chrome OS version 26.0.
This guidance is applicable to devices running Chrome OS 26 and later.
0 kommentar(er)
