Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • Meeting the Challenges of Remote Work with Chrome OS Policy Settings – Part II
  • Cyber Attacks
  • Data Breach

Meeting the Challenges of Remote Work with Chrome OS Policy Settings – Part II

5 years ago Ben Layer
Meeting the Challenges of Remote Work with Chrome OS Policy Settings – Part II

Welcome to the second part of this two-part blog series for administrators who are new to the Chromebook enterprise system. In the previous blog, we discussed settings that are applicable to users and applications. In this blog, we will further explore the Chrome enterprise admin panel as we look into settings that pertain to privacy and physical devices.

Device Settings

Device settings apply to the physical Chromebook device. They are enforced no matter which user is logged in. All entries discussed in this section can be found by navigating to the Device Settings area in the G Suite Admin console via the following steps:

  1. Visit https://admin.google.com and log into the Chrome Admin panel.
  2. Select Devices from the home page.
  3. Expand the Chrome entry within the left navigation.
  4. Expand the Settings entry under the Chrome entry.
  5. Select Device under the settings entry.

Enrollment and access – Forced re-enrollment

This setting will vary by your organizational needs. You may wish to ensure that devices automatically enroll or enroll with credentials upon wiping, which can help track lost or stolen devices. However, in a Bring Your Own Device (BYOD) scenario, you may need to allow devices to be wiped and re-used with personal accounts.

Sign-In settings – Guest mode

By default, Guest mode is allowed, which allows access to the device circumventing any user policies or Chrome management extensions you may have force-installed. Set this value to Disable guest mode.

Privacy Settings

These settings are related to privacy and can be found mixed within the previously discussed sections. While not strictly related to security, altering these settings can reduce disclosure of sensitive information whether it be corporate or user data.

User & Browser Settings – Security: Browser History

Here you can chose to Never save browser history if your organization requires it or Always save browser history if required by your organization.

User & Browser Settings – Security: Clear browser history

Like above, some organizations may strictly want to either Allow or not Allow the clearing of browser history, depending on policy.

User & Browser Settings – Security: Force ephemeral mode

You may choose to Erase all local data to in order to remove all private data each time the browser is closed.

User & Browser Settings – Security: Geolocation

Choose Always ask the user if a site wants to detect their location in order to maintain privacy from individual websites where desired.

User & Browser Settings – Network: Data compression proxy

This setting uses Google as a proxy, meaning Google has access to either content or meta data. While this compression may be desirable for some mobile network scenarios, it is likely unwanted in most organizations. Choose Always disable data compression proxy.

User & Browser Settings – Printing: Google Cloud Print Submission

Google cloud print is a useful feature, and while Google claims your documents are strictly confidential, it does require that your document is sent to Google’s servers. Choose Disallow submission of documents to Google Cloud Print if your organization is unwilling to have confidential documents in Google’s hands. If cloud printing is disallowed, you may wish to see other options for enabling native ChromeOS printing.

User & Browser Settings – Content: Third-party cookie blocking

Third-party cookies are used for user tracking, and even Google is phasing them out. For now, select Disallow third-party cookies.

User & Browser Settings – Content: Enable URL-keyed anonymized data collection

This setting sends URLs visited by a user to Google. Disable this by changing the setting to Data collection is never active.

User & Browser Settings – User Experience: WebRTC event log collection

This setting allows Google services to collect WebRTC logs from customers who opt in. This is telemetry data, which you can opt out of by changing this setting to Do not allow WebRTC event log collection.

User & Browser Settings – User Experience: Spell check service

In order to provide spell and grammar checking, text may be sent to a remote service, which may be out of policy for some organizations. Choose to Disable the spell checking web service if you do not want your text sent to a remote service. You will still have client-side spell checking.

 User & Browser Settings – User Experience: Google Translate

This is another very useful feature, but it does require sending text to Google for translation, which may be out of policy for your organization. Choose Never offer translation if desired for your organization.

User & Browser Settings – User Experience: Form auto-fill

There have been various attacks on user data via the form auto-fill mechanism ranging from detecting a user’s name or address to stealing passwords. Choosing Never auto-fill forms will reduce this risk. You can also encourage the use of a password manager at the expense of sometimes retyping your address.

User & Browser Settings – User Experience: DNS pre-fetching

DNS pre-fetching can speed up web browsing, but it can also have other risks such as potentially leaking information about the user over a network. This is a low-priority concern, but you can select Never pre-fetch DNS to stop it.

User & Browser Settings – User Experience: Network prediction

Similar to DNS pre-fetching above, network prediction can make requests to pre-load information even if the user never clinks a link, leaking information to sites that perhaps would have never been visited. You can disable this by choosing Do not predict network actions.

Content – Screenshot

By default, users are allowed to take screenshots. While this setting won’t protect all manners in which attackers might be able to capture screen data, it is one way to reduce the possibility that sensitive data is captured for unauthorized use.

Using Chrome OS Policy Settings for Your Organization

Chromebooks and the Google Chrome Enterprise Upgrade make compelling solutions particularly for those administrators who find themselves suddenly supporting an increased number of remote users. The cloud-native Chrome OS is positioned as a capable desktop operating system with a centralized management console and enough configuration options to satisfy even the most security conscious organizations. This blog has illuminated some of the settings that are most in need of consideration whether you have a new or existing Chromebook deployment.

The post ” Meeting the Challenges of Remote Work with Chrome OS Policy Settings – Part II” appeared first on TripWire

Source:TripWire – Ben Layer

Tags: Cloud, Google, Google Chrome, Low Severity, Privacy, Private Data, TripWire

Continue Reading

Previous Zeppelin Ransomware Returns with New Trojan on Board
Next Cybersecurity Maturity Model Certification (CMMC) and Why You Should Care

More Stories

  • Data Breach

Orchid Security Introduces Continuous Identity Observability for Enterprise Applications

3 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

The First 90 Seconds: How Early Decisions Shape Incident Response Investigations

5 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

8 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

9 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

9 hours ago [email protected] (The Hacker News)
  • Data Breach

[Webinar] The Smarter SOC Blueprint: Learn What to Build, Buy, and Automate

1 day ago [email protected] (The Hacker News)

Recent Posts

  • Orchid Security Introduces Continuous Identity Observability for Enterprise Applications
  • The First 90 Seconds: How Early Decisions Shape Incident Response Investigations
  • Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers
  • Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions
  • CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT