Device Security Features - What is Device Hardening?
Hello and Welcome to WeGuard Enterprise Visual Knowledge-base Series.
In this KB article, We will explain how to harden your device for security measures.
We will discuss the process of securing a device by reducing its surface of vulnerability. For this demonstration, we used a device registered with a Kiosk policy, to a WeGuard Enterprise account. This feature works equally well with other Android policies on Business and Enterprise accounts.
Note: It is assumed that you already have a WeGuard enterprise account created for your organization.
A device hardened, means it is a more secure operating device. Turning off non-essential services and configuring the system with security controls such as password management, file permissions and disabling unused features and applications.
- Click on the Policy Group option on the left-hand menu. On clicking this option, you will be shown a page similar to the one in the screenshot below.
- For demonstration purposes, we are using default policy. Click on the Default Android Kiosk Policy.
- Click on the Policy tab as shown in the screenshot.
- Location Settings is a way to prevent location services from being turned off on your devices. This ensures that the end-users know that location services are enabled and not allowed to disable.
- By default, you will be on the General settings tab find the location settings option and choose “Location On” from the dropdown.
2. Disable Factory Reset is a security method that was designed to make sure to wipe and factory reset your device.
- Scroll-on to the Security tab as shown in the screenshot. find the “Disable Factory Reset” option and turn on the toggle.
3. Safe Boot – Safe boot allows a user to boot an Android device through which the user can alter the bootloader and applications on the device and misuse it for personal gain. So, it is necessary to restrict user access and disable the Safe Boot feature on the device.
- Find the “Disable Safe Boot” option and turn on the toggle button.
4. Allow Power-Off – Disabling the Power option will hide the power-off option when a user presses the power button on Android devices.
- Find the “Allow Power-Off” option and turn on the toggle button
5. Disable Apps Installations from Unknown Sources - Our devices and personal data are more vulnerable to threats such as ransomware apps downloaded from unknown sources. So, it’s necessary to disable this functionality.
- Find the “Disable Apps Installations from Unknown Sources” option and turn on the toggle button.
6. Disable Physical Reading Mounting is a way to prevent the user from accessing the physical storage files on the device. This ensures locking down user access to the physical storage on the device.
- Find the “Disable Physical Reading Mounting” option and turn on the toggle button.
7. Force-On Mobile Data is a way to prevent mobile data from being turned off on your devices. This ensures the end-users know that mobile data is turned on and not allowed to be turned off.
By default, WeGuard keeps the mobile data turned on 24*7 on the device even when the device may not have connectivity to the data network. This ensures the device will be online whenever the network is available on the device.
8. Kiosk Mode allows organizations to set up devices for a specific use case and ensures that devices are restricted and used only for assigned specific work purposes during the usage of the device.
Note: To affect the changes mentioned above to your device(s) you need to have the devices enrolled in the policy which you have hardened by executing the above steps. Your device needs to be on a stable data connection to be able to sync with the policy and be classified as a “hardened device.”
Pro’s
- By following the above steps, you have successfully hardened the device and made it a secure device.
- You can access all the files on the device. In case of the device being Lost/Stolen/Screen Damage using the device storage explore feature.
- Users can’t load any other applications on the device other than the applications prescribed to be used on the device.
We hope this article was useful. Thank you for reading.
For more WeGuard insights, please explore the Visual Knowledge-base Series
For more details, please do visit https://www.weguard.com
If you need any help on this, do call up WeGuard Support +1 833-936-2253 or contact WeGuard Support Email
Related Articles
Device Security Features - What is WeGuard Admin lock functionality?
Hello and Welcome to WeGuard Enterprise Visual Knowledge-base Series. In this KB article, We will explain about the Admin lock and how to use the functionality. WeGuard adds one more "the most important security" feature to its wings. With "Admin ...Security - Security Settings
Hello and Welcome to WeGuard Enterprise Visual Knowledge-base Series. In this KB article, We will explain about security settings available on WeGuard Enterprise Portal. Security settings, In this section, you have a wide variety of security setting ...Device Security Features - How to prevent keyboard hijacking by whitelisting 3rd party keyboards?
Hello and Welcome to WeGuard Enterprise Visual Knowledge-base Series. In this KB article, We will explain the procedure of whitelisting 3rd party keyboards. Have you ever heard data breach can also happen through the keyboard? Allowing the workforce ...Device States - How to tag as device as "Replaced" device?
Hello and Welcome to WeGuard Enterprise Visual Knowledge-base Series. In this KB article, We will explain the procedure to set the device state as "Replaced" on WeGuard Enterprise Portal. Login to WeGuard console The landing page would show list of ...Device States - How to tag as device as "Lost" device?
Hello and Welcome to WeGuard Enterprise Visual Knowledge-base Series. In this KB article, We will explain the procedure to set the device state as "Lost" on WeGuard Enterprise Portal. Login to WeGuard console From the left menu, click on ‘Devices’ ...