Chrome OS Security Guidelines

Overview

The information below will help you to secure your Chromebook by implementing settings that will help to safeguard your privacy and make your device more secure.

Information

Because different versions of Chrome OS are used on a variety of Chromebooks, the steps listed below may differ for the version used on your device. If the following steps do not match your Chromebook, please contact the Service Desk for assistance.

Please note:

• Getting to Settings: Chrome (browser) Settings and Chrome OS Settings are not interchangeable.
  • Chrome (browser) Settings can be accessed by either of the following
    • Clicking the three dots menu ⋮, then clicking Settings
    • Entering chrome://settings in the address bar
  • Chrome OS Settings can be accessed by
    1. Opening the status tray menu by clicking on the clock in the corner
    2. Clicking the Settings gear icon
• All changes listed below will be reset if you enter developer mode.

Settings

• Disable guest browsing.
  • Disable guest browsing to prevent other people from logging in to the Chromebook as a guest user.
    • In Chrome OS Settings, scroll down to the People section and click the Manage other people button. 
    • Uncheck the box for Enable Guest Browsing.
    • Note: Only the owner account can make changes on this screen.
• Require a password to wake from sleep.
  • Require a password when your Chromebook wakes from sleep prevents unauthorized users from accessing your account if you have logged into the machine and left it unattended.
    1. In Settings, scroll down to the People section and click the Screen lock button.
    2. Confirm your password to make changes (if prompted)
    3. Check the box to Show lock screen when waking from sleep.
    4. Test by closing the screen (if laptop) or allowing the screen to go black (if a desktop machine). Upon waking the machine, you should see a prompt to enter a password.
• Restrict sign-in to specific users.
  • You can prevent someone from creating a new account on your Chromebook by restricting sign-in to known users.
    • In Settings, scroll down to the People section and click the Manage other people button.
    • Check the Restrict sign-in to the following users: box.
      • Only the owner account can make changes on this screen.
    • In the text field at the bottom of the window, enter the name or email address of the user(s) that you would like to allow to log in to your machine and press Enter.
    • When you have finished entering users, click Done.
• Install University of Oregon VPN software if you expect to use untrusted or public networks.
  • Untrusted or public networks include wireless provided in hotels and coffee shops. UO’s VPN provides a secure connection to the University’s network from a remote location. Members of the UO community can utilize the UO VPN.
• Review and enable privacy settings.
  • In Chrome (browser) Settings, scroll down to the bottom and click Advanced ⯆
    • Scroll to the Privacy and security section.
    • Make sure the following two (2) options are checked:
      1. Under Security, make sure Standard protection is enabled
      2. Under Cookies and other site data, make sure Send “Do Not Track” request with browsing traffic is checked
    • Make sure the following two (2) options are not checked:
      1. Under Cookies and other site data, make sure Preload pages for faster browsing and searching is not checked
      2. Under Security, make sure Help improve security on the web for everyone is not checked
  • In Chrome OS Settings, scroll down to the bottom and click Advanced ⯆
    • Scroll to the Privacy and security section
    • Make sure the following one (1) option is not checked:
      1. Help improve Chrome's features and performance
• Configure passwords and forms.
  • Configure the Passwords and forms settings to protect your personal information and DuckID. To configure them, go to Chrome (browser) Settings.
    1. Scroll down to the Autofill section
    2. Make sure the following three (3) options are not checked:
       1. Under Passwords, make sure Offer to save your web passwords is not checked
       2. Under Payment methods, make sure Save and fill payment methods is not checked
       3. Under Payment methods, make sure Allow sites to check if you have payment methods saved is not checked
       4. Under Addresses and more, make sure Save and fill addresses is not checked

Connections

• Use a secure network connection.
  • Your cellular carrier network or a secure wireless network are your best choices.
  • UO community members can connect to UO Secure Wireless while on campus.
• Use the UO VPN if you are using untrusted or public Wi-Fi.
  • Be sure you have installed UO VPN.
• Turn off or restrict Bluetooth and Wi-Fi when they are not in use.

Management

• Keep your Chrome OS updated for the latest security updates and improvements.
  • To check for and apply updates to your Chromebook:
    • In Chrome OS Settings, click About Chrome OS, located on the left-hand menu of Settings window.
    • In the About Chrome OS screen that appears, click Check for updates.
    • Your Chromebook will start to install any available updates.  Restart your Chromebook if directed to finish updates.
• Only install trusted apps and extensions.
  • Extensions are extra features that can be added to the Google Chrome web browser.  Install extensions from the Chrome Web Store.  This is the most reliable source for securely adding extensions.  For example, you may download an ad blocking extension to block advertisements while using the Chrome browser.
  • Applications or apps can be used to perform standalone functions within the operating system.  Install apps from the Chrome Web Store.  This is the most reliable source for securely adding applications.  For example, Google Docs is an app that runs through the Google Chrome web browser.  Another example is the is the Cisco AnyConnect VPN Client which is used to connect to the University of Oregon’s VPN Service.
• Do not make unauthorized modifications to your Chrome operating system.
  • Do not unlock or bypass the security features that prevent you from changing your operating system or gaining privileged control (also called “root” access) to it. This hacking process is often called “jailbreaking” or “rooting.”
• Be aware of where data is being stored
  • If you are permitted to access university data from your device, check the Information Security Quick Reference Guide for information classification and the Collaboration Tools Matrix to determine where the data can be stored.
  • Personal storage services (e.g. Google Drive, Box, etc.) should not be used to store sensitive university data .
• If you travel internationally, be aware that certain types of sensitive university data cannot be accessed outside of the United States of America.
  • Check UO’s export controlled items list for details.
• Before you sell or donate your device; back it up, then erase all content and settings with Powerwash.
  • Powerwash removes all user accounts and data from the machine and restarts it back to factory settings.  This option would be best used for cleaning data from a loaner laptop before returning it. If using a shared machine, make sure to check with users who have an account on the machine before using Powerwash.  There are two ways to run Powerwash, using the Settings menu or by using shortcut keys.
    • In Chrome OS Settings, scroll down to the bottom and click Advanced ⯆
    • Scroll down to the Reset settings section and click the Reset button in the Powerwash option.
    • You will see a prompt to restart the machine. Click the Restart button.
    • After restarting, you will see a window asking if you want to run Powerwash. Click the Powerwash button.
    • Click the Continue button.
    • After the device resets, it will have factory default settings and all user accounts and data will have been deleted.
• Report Security Incidents
  • If you’ve used your device to access sensitive data and it is lost or stolen, report it to the Information Security Office

Additional Best Practices

• Turn off GPS/Location Services for apps where you do not need it.
• Set your web browser for private browsing.  In Chrome, open the Chrome menu and look for advanced privacy settings.
• Turn on airplane mode when you do not need to use your GPS, radio, Wi-Fi, or Bluetooth.  
• Avoid using public Wi-Fi hotspots.
• Travel safely with technology. Take precautions while you are away from home and to protect the university’s sensitive data.
• Consider using a mobile anti-virus product.  They are relatively new to market and are still maturing.