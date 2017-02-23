Netflix unveils open source user device security tool

by Rene Millman  |  Thursday 23 February 2017  | Comment Now
Actionable information and low-friction tools for users can get devices into a more secure state without heavy-handed policy enforcement.

Video streaming company Netflix has launched a new open source tool to help users make better choices around device security.

Dubbed Stethoscope, the tool collects information about user devices to give users clear and concise recommendations on how to secure them.

In a blog post, Netflix engineers Jesse Kriss and Andrew White said that if employees are provided with focused, actionable information and low-friction tools, “we believe they can get their devices into a more secure state without heavy-handed policy enforcement”.

“It's important to us that people understand what simple steps they can take to improve the security state of their devices, because personal devices–which we don't control–may very well be the first target of attack for phishing, malware, and other exploits. If they fall for a phishing attack on their personal laptop, that may be the first step in an attack on our systems here at Netflix.”

The tool collects information from both desktop and mobile devices and from enterprise management systems such as LANDESK (for Windows), JAMF (for Macs), and Google MDM (for mobile devices).

It also evaluates device configurations such as disk encryption, firewall status, screen saver lock and password, operating system patching and auto-updating as well as device rooting and jailbreaks. It also checks to see whether monitoring software tools are installed.

Stethoscope requires Python for the back end. The Nginx web server and reverse proxy and can be run as a Docker container. It is available on the Github open source code repository under an Apache 2.0 licence.

