Security and Kuori devices
This Guide describes how to protect your Kuori products.
Top 3 security measures
- Use MDM to control access. Configure it not to allow app installs, adding accounts, etc. This is most important and cuts down abuse significantly. Use kiosk mode as necessary, especially on public devices.
- Protect the physical frame. Not having chewing gum in USB ports can’t be done in any other way. Access to USB allows for memory sticks and other commonly available means to be used to vandalise the device. Choose a stand suitable for the intended use.
- Set the device up into a separate network. A network that is not normally accessible by visitors, students, etc. This will cut down most of the network attack vectors.
MDM
We highly recommend the use of MDM (Mobile Device Management). Our company offers the service to install device management software, in our case Miradore, that can help to take measures to protect your device by placing certain restrictions on it. Most MDM software should work with Kuori devices.
Vandalism Protection
If you fear that the Kuori device is standing in an environment that may encounter vandalism, we recommend protecting the device with a public place casing. This prevents unauthorized access to device ports and physical buttons.
Device Protection
What else can be done to protect the device?
- Don’t allow unknown installs!
- Don’t allow users to switch background image (especially in schools etc)
- Only install APKs you know are dependable. Using Play Store or MDM is recommended.
- Restrict the number of accounts allowed on the device (drive, dropbox, etc)
- Don’t store sensitive info on the device itself (locally). Use a USB drive, Google Drive or Dropbox for documents and make sure to sign out of your account after use or eject/remove your USB.
- Backup the device desktop regularly, send those backups to your email or cloud for storing and use MDM for app installs so that in case of disaster the restoration process is easy.
- Furthermore, please protect the Kuori device from direct sunlight, especially if you have an IR model and from other elements. Please check whether you need IP67 protection before purchase.
Virus Protection
A Kuori device that does not allow app installations from unknown sources and is secured by MDM is not an easy target for viruses. It is very important to secure the device via the above means. This limits the amount of damage a virus can cause to your Yetitablet and in your network.
F-Secure offers an anti-virus program for Android. We recommend using it if you want to protect your device against virus attacks.
If your device has been contaminated by a virus, factory reset is the most secure way of dealing with viruses. Kuori devices have built-in means to do that. Factory resetting the device and reinstalling everything via MDM should take about one hour.
Q: Is there a software or app that can protect the Kuori device (Android) from getting viruses and other attacks alike?
A: A combination of correctly configured MDM and play store should be sufficient in most cases. This includes not to allow unknown apps, not allowing unknown USB devices, etc.
Q: Is there a software or app with which one can scan a Kuori device to detect viruses or alike in case of a suspected attack?
A: Yes, F-Secure has virus scanners which should work on our Kuori devices.
Android Version and Security Updates
Q: My Kuori device has Android 7.1.2 installed, but it states that the last security update was only from 2017.
A: The most important indicator for a secured device is proper setup as described in this document. The security version number depends on the kernel version of the device. Proper consideration of attack vectors is most important when considering the overall security of Yetitablet.
Most of the security issues in a device like the Kuori device come not from the core software but bad apps, physical issues (access to USB ports) and a poorly configured device, such as allowing app installations from anywhere, allowing to change the background image to porn, etc.
Separating the device into a network of its own, not allowing app installations and securing Yetitablet with MDM make it a hard target to break into. Not keeping sensitive info on the device makes Yetitablet a mostly uninteresting target except for vandalism. Follow the steps outlined in this document to ensure a safe and pleasant user experience for your Yetitablet.
Kuori provides updates for its own apps. Keep other apps updated via Play Store or MDM.
Summary
To conclude, proper physical security + MDM + access control mostly takes care of security problems. It is important to note that viruses are more often a threat to Windows devices due to the differences in the security model and the number of vulnerable targets in the world.
Kuori devices are usually unsuitable for storing sensitive and secret data as they are often public devices. The most realistic threat from the internet is bots that scan for vulnerabilities and malware, most commonly apps that the user installs themselves and malicious web pages. Bots can be blocked via a good network policy (firewall), whereas MDM can handle malware and prevent installs from unknown sources.