Manage Deployment Key Compromise
If you determine that a key has been compromised, take action to protect your network's integrity and security. Compromised keys can pose significant risks, as they may allow unauthorized access to your network.
This section outlines the actions to take to ensure network security and continuity: deactivating the compromised key, understanding the effects on existing clients, and activating and distributing a new key for secure device registration.
- Deactivate the compromised key: This action prevents any further device registrations using the deactivated key, ensuring that your network remains secure.
To deactivate a deployment key, perform the following steps:
- Navigate to Connect > End User Connectivity.
- Click Internet Security.
- In the Deployment Management section, expand the device type.
- Click Deactivate in the Action column.
After you deactivate the compromised deployment key, consider the implications for both existing clients and the registration of new devices:
- Effect on existing clients: Deactivating a key does not disrupt the operation of clients already using it. These clients continue to function normally, minimizing any potential impact on your current network operations.
- Limitations for new devices: Deactivated keys cannot be used to register new devices. Any device that attempts to register with the deactivated key will be unable to do so.
Devices that are deleted from the dashboard will automatically get reregistered when the Umbrella module is restarted, provided the deployment key in their Chromebook configuration file is active.
- Activate the new deployment key: To facilitate the registration of new devices, you must activate a different deployment key. This new key will replace the compromised one and will be used for future device registrations.
- Download a new profile: After the new key is activated, download a new profile, specifically the Chromebook configuration file. This file contains the updated information, including the new active deployment key.
- Distribute the new profile to new devices: Distribute the updated Chromebook configuration file to any new devices that need to connect to your network. This ensures that they have the correct and secure credentials to register and operate within your network environment.
- Update the Chromebook configuration file for registered devices: Devices that are already registered and require an update to the Chromebook configuration file will automatically receive changes once the configuration is updated in the Google Admin console.