Insights For Success

Strategy, Innovation, Leadership and Security

Is Google's Chromebook the ultimate in secure travel computing?

technologyEdward KiledjianComment

When I first heard about the Google Chromebook, I couldn't understand why anybody would buy a computer that only "ran a browser". Sure you could buy one for $300-500 but then again, you can pickup a "cheap" windows based laptop for about the same price. 

Notes from my day job

My day job is being the Chief Information Security Officer (CISO) of a large multinational manufacturer. When our employees travel to high risk locations, they are equipped with a special laptop with a hardened image and they are instructed to only load the bare minimum amount of information needed during this trip. We ask that everything else be kept on our company servers.

Why do we do this? Because the risk of having your equipment hacked is higher in some countries. Add to that the fact that most countries and ask you to log into your computer so that it can be "inspected" at the border. 

Chromebook is the safest travel computer

So the Google Chromebook is designed to run a special operating system called the ChromeOS. It is basically a thin Linux operating system on which Google runs a customized version of their famous Chrome browser.

Because the entire system is the Chrome browser, you can't "install" typical applications. Sure this can be a pain but it is also one of the features that makes the Chromebook so secure. Even clicking on a malicious email or browsing a malicious website can't stealthily install malware. ChromeOS supports Flash but a malicious Flash attack using advertising networks can't infect your Chromebook. ChromeOS also doesn't run Java so you're safe from all of those attacks.

You can install a malicious Chrome extension or one that is made malicious later through an update but you should only be installing extensions from trusted brand name developers. 

So obviously Chrome is extremely difficult to hack which makes it a better option for high risk travel. Most Chromebooks come with a small token amount of storage because the entire premise of the Chromebook is that you should store your files in the cloud. 

Easy & automatic encryption

Upon initial setup of your Chromebook, Google creates a private encryption key for you using the eCryptfs encrypting file system. This means an unauthorized person cannot see your data even if they rip our the drive. 

Boot up secure check

Every time you boot a Chromebook, it runs a Verified boot process to ensure the software hasn't been tampered with. It checks every loaded component as it loads from Kernel to drivers (making sure they are the genuine unmodified Google provided versions).

This means that every time you log into a Chromebook, you can be assured you are logging into a secure login environment. This is much better than any Windows or Mac computer. 

Update your system to stay secure

Anytime a vulnerability is discovered, software manufacturers rush to push out updates to their products. Microsoft has automated the process as much as possible but Google's Chromebook once again wins this round. 

Google releases updates on an as needed basis or at least once every 6 weeks. Like the Chrome browser, the Chromebook automatically downloads and install the update with no user intervention. In the case of the Chromebook though, this process can update everything from the lowest level operating system function to how extensions are handled. 

Just to be safe, Chromebook keeps a copy of the last known good version onboard and can quickly boot to it if the unthinkable happens during an update.

Ultimate privacy 

We all know you can enable Incognito mode to browse privately and not leave too many trails. Google's Chromebook has a mode called Guest Mode which is Incognito on steroids. You can log into a Chromebook as a guest (without credentials) and everything you do during the session is ephemeral and wiped at the end of your session. 

Reinstallation takes minutes

If things aren't working just right or you want to ensure you are working with a fresh clean version of the operating system then you can enable a feature called PowerWash. PowerWash basically performs a complete factory reset of the device bringing it back to an original out of the box state (within minutes). My Acer C720P can perform a PowerWash and show me a login prompt within 5 minutes. 

Why would you want to perform a PowerWash? Because something isn't working  and you can't figure out what. Or you just visited a high risk country and even though a Chromebook is fairly secure, you want the additional piece of mind that comes from a fresh cleanly reinstalled operating environment. 

The Google security goodness

In addition to everything I wrote above, you get the extra security features Google has built into Chrome which means all transactions with Google are performed over a secure TLS connection. 

If anyone tries to spoof a google certificate to steal your credentials (man in the middle style attack), the browser will notify you and prevent the attack. 

You get GMAIL's perfect forward secrecy.

VPN your way to a more secure connection

The best security comes from multiple layers of protection. In addition to everything I mentioned above, you can use a VPN service to tunnel your way out of the badlands into a safer internet. 

Google's Chromebook supports 3 types of VPN connections:

  1. L2TP over IPsec with PSK
  2. L2TP over IPsec with certificate-based authentication
  3. OpenVPN

The last one is the safest and should be your preferred option. Not only does establishing a VPN prevent someone from eavesdropping on your "internet discussion", it also means you can access sites that may be forbidden in your destination country (think Facebook from China or HULU from Canada). 

Conclusion

Yes the Chromebook is much more limiting than a traditional computer but the truth is many users have migrated from laptops or desktops to tablets. If you can live with a tablet then the Chromebook is a no brainer. 

Not only is it more secure but the fact that you have no maintenance to perform is a wonderful feeling. We use a Chromebook as a 3rd or 4th computing device in the house and my wife uses it to show websites to potential clients. It boots in 7 seconds and doesn't slow down with continued use (I'm looking at you Windows). 

Over the last 24 months I went from a Chromebook hater to a Chromebook lover. You can even splurge on Google's new and update Chromebook Pixel. It is a reference design by Google that costs $999 but offers everything you could ever want in a Chromebook. Incredibly responsive keyboard and trackpad. Super high resolution touch screen. 9-12 hours of battery life. Solid metal construction.