Chromebook Security 101
Make sure your enterprise deployment is secure.
Chromebooks are the new hotness. Manufacturers around the world are creating laptops that run on Chrome OS, a Google operating system that keeps a machine light and tidy. Chromebooks/Chrome OS devices are great for your grandma, your mom, and yourself if your goal is to use internet applications and keep a minimalist approach to computing.
Chromebooks have also caught the attention of enterprises around the world. Since the beginning of computing, a “thin client” has been desired — something that has minimal functionality and power but can run business-critical applications for users. The Chromebook fits the bill well in 2017 and beyond, given that most things people do are online. Enterprise rollouts bring their own sets of challenges, which are well documented, but companies like VMware have been helping with their Workspace ONE product.
Being a hacker for 10 years, I immediately began thinking of the security implications that surround Chromebooks. There are TONS of exploits for Chrome, for web applications, and for Linux, so where does that leave the Chromebook?
Here are some tips that I’ve gathered from working with companies that widely use Chromebooks:
1. Secure Google & Enable Two-Factor
As a Google admin, lock down your applications and settings so people cannot remove security features or send data to unauthorized apps. Google has made this very simple by allowing you to change individual settings for your organization. Google+, for example, may be leaking sensitive data to the outside world, creating a larger attack surface. Disable it! G Suite users can also completely remove the ability for unauthorized apps to access user data. Disabling services like Google Drive can prevent data leakage and over-sharing.
Most importantly, require all users to use multi-factor authentication on all of their Google services, both personal and corporate.
Take a look at the Google best practices here: https://support.google.com/a/answer/1360111?hl=en
2. Use a VPN
Coffee shops, libraries, a friend’s Wi-Fi, oh my! The problem of using insecure networks exists for all machines but is exceptionally difficult to manage on Chromebooks. You’ll need to rely on a VPN service (or create your own) to keep data safe. There are a number of extensions in the Chrome store that do this, but I can’t recommend one in particular. I typically say any “service-based” VPN isn’t as secure as your own, but at scale it changes.
Here’s how to set up a VPN on a Chromebook: https://support.google.com/chromebook/answer/1282338?hl=en
3. Antiphishing, Antimalware and Endpoint Security
The glaring issue with Chromebook security is the lack of protection from attacks. The threat of malware is reduced, but since Chrome OS is Linux-based, there is always an opportunity for exploitation and attack. Phishing is always a great concern, especially when using internet applications more than anything else. Passwords can be stolen, auth tokens intercepted, and malware implanted. Your best bet to protect against ALL of these attacks is to use Apozy NoHack. NoHack stops phishing, malware, and web-borne attacks by making every web page safe to browse. It deploys via Google management in seconds and begins protecting immediately. Best part? It works anywhere, even on personal accounts.
4. Factory Reset to Clean It All
If worst comes to worst, you can always do a factory reset of the settings of any Chromebook device. Hopefully, since everything is web-based, nothing of value was lost! Your passwords were kept in a password manager, your data was in the cloud, and now your device is a fresh slate to secure. Google calls this a “powerwash”, which is a pretty good analogy.
Here’s how to do it: https://support.google.com/chromebook/answer/183084?hl=en
Chromebooks are a great way to get secure devices deployed inexpensively — just make sure there’s nothing that can ruin your best-laid plans.