Understanding ChromeOS fundamental security tenets Flashcards
Encryption
When using web apps on a Chromebook, all important data is stored safely in the cloud. Certain kinds of files, like downloads, cookies, and browser cache files, may still be present on the computer. The Chromebook encrypts this data using tamper-resistant hardware, making it very difficult for anyone to access those files.
Forced re-enrollment
Sign in to your Google Admin console. Sign in using an administrator account.
In the Admin console, go to Menu > Devices > Chrome > Settings > Device.
To apply the setting to all devices, leave the top organizational unit selected. Otherwise, select a child organizational unit.
Go to Enrollment and access.
Configure the Forced re-enrollment setting:
Force device to automatically re-enroll after wiping: Wiped ChromeOS devices automatically re-enroll into your account without users having to enter their username and password.
Force device to re-enroll with user credentials after wiping: Users must manually re-enroll ChromeOS devices into your account.
Device is not forced to re-enroll after wiping: Users can use the ChromeOS device without re-enrolling it into your account.
No installation of antivirus software
Chromebooks use the principle of “defense in depth” to provide multiple layers of protection, so if any one layer is bypassed, others are still in effect. So while it’s still important to take precautions to protect your data, Chromebooks let you breathe just a little bit easier. Your Chromebook has the following security features built-in:
Automatic updates
The most effective way to protect against malware is to ensure all software is up-to-date and has the latest security fixes. This can be difficult to manage on traditional operating systems with many software components from many vendors all with different update mechanisms and user interfaces. Chromebooks manage updates automatically so Chromebooks are always running the latest and most secure version.
Sandboxing
On a Chromebook, each web page and application runs in a restricted environment called a “sandbox.” If the Chromebook is directed to an infected page, it can’t affect the other tabs or apps on the computer, or anything else on the machine. The threat is contained.
Verified Boot
Even if malware manages to escape the sandbox, the Chromebook is still protected. Every time the Chromebook starts up, it does a self-check called “Verified Boot.” If it detects that the system has been tampered with or corrupted in any way, typically it will repair itself without any effort, taking the Chromebook back to an operating system that’s as good as new.
Data Encryption
When using web apps on a Chromebook, all important data is stored safely in the cloud. Certain kinds of files, like downloads, cookies, and browser cache files, may still be present on the computer. The Chromebook encrypts this data using tamper-resistant hardware, making it very difficult for anyone to access those files.
Recovery Mode
If anything goes wrong with a Chromebook, you can simply push a button or use a quick keyboard combination to enter recovery mode and restore the operating system to a known good version.
Verified boot/Trusted Platform Module (TPM)
Verified Boot
Even if malware manages to escape the sandbox, the Chromebook is still protected. Every time the Chromebook starts up, it does a self-check called “Verified Boot.” If it detects that the system has been tampered with or corrupted in any way, typically it will repair itself without any effort, taking the Chromebook back to an operating system that’s as good as new.
TPM chips are provisioned by Google and distributed to OEMs. Verified Boot will utilize the known Google record to confirm device security. This is also important when deploying mass updates via https://chromiumdash.appspot.com/serving-builds?deviceCategory=Chrome%20OS.