Stethoscope: Securely Configuring Devices without Systems Management

Wednesday, January 30, 2019 - 11:30 am-12:00 pm

Andrew M. White

Abstract: 

Insecurely configured endpoints are a major risk for both organizations and individuals, one which is particularly hard to address in an increasingly bring-your-own-device world. Netflix works with hundreds of individual contractors, companies, vendors and other third parties who need access to corporate data and services. These third parties often have their own devices, which Netflix does not own and cannot control yet must secure.

To address these issues, we developed the Stethoscope native app, a tool which recommends configuration changes to users to improve the security of their devices and optionally allows organizations to verify device configuration at authentication time. The app, designed to avoid the operational burdens and risks of traditional systems management tooling, does not require administrator access, is read-only, and is open source. It guides users through securely configuring their device while providing the context they need to understand why these changes are important. Incorporating Stethoscope into an endpoint strategy helps provide security without the need to fully control or own devices.

Andrew M. White

Andrew worked on user-focused security and behavioral analytics for anomaly detection at Netflix. He holds a PhD in Computer Science from the University of North Carolina at Chapel Hill; his dissertation dealt primarily with mitigating and exploiting side channels in encrypted network traffic.

BibTeX
@conference {226351,
author = {Andrew M. White},
title = {Stethoscope: Securely Configuring Devices without Systems Management},
year = {2019},
address = {Burlingame, CA},
publisher = {USENIX Association},
month = jan
}
