Best Practices for Security (Windows Embedded Standard 2009)


When you create a run-time image for an embedded device, you must consider how your device will be used, and the security threats it is vulnerable to. It is imperative to add safety measures to guard against network attacks, such as worms or viruses, as well as local attacks, such as unauthorized access. Configuring security mechanisms can increase your protection against such attacks and reduce the amount of downtime when devices are deployed in the field.

Basic Security Tips

  1. Identify security threats.
  2. Implement security features in your run-time image.
  3. Choose a servicing strategy.

Security is an ongoing process. Just because you add security features to your run-time image does not mean that you are no longer at risk. The fundamental step for improving the security of your run-time image is to add a servicing strategy. A servicing strategy allows you to add software updates and patches to your device.

When you create a servicing strategy, you must first consider the security requirements of your run-time image. Part of servicing is determining how you will update your run-time image with updated patches and fixes for network security features, user settings, virus protection, and other settings. You can service a device by manually installing updates to your image, re-imaging your device, or by adding a servicing mechanism to your run-time image. By adding a servicing mechanism component, such as DUA, you can automatically download and install updates.

By adding a servicing strategy to your run-time image, you will be better protected from potential threats throughout the lifecycle of your device. For more information, see Servicing.

Network Security Considerations

Describes networking-specific security threats, resolutions, and best practices.

Local Security Considerations

Describes local security threats, resolutions, and best practices.

How to Protect your Run-Time Image

Describes the end-to-end process for protecting your run-time image.


Describes the ways in which you can service a deployed run-time image.

Community Additions