DUA Security Considerations (Windows Embedded Standard 2009)
Security is an important consideration when you deploy the Device Update Agent (DUA) component. DUA runs under a user context with sufficient privileges to perform commands that can damage the device run time. For this reason, it is extremely important that DUA acquire and process only command scripts that the device manufacturer intends for the device.
DUA offers configuration settings to enhance security when it transfers and executes command scripts. Consider the following security features and issues when you use DUA:
DUA can be configured to poll local or remote command paths. In either case, ensure that poll locations cannot be compromised. Command files should come from a known source and should not be tampered with once they are deployed to the command file path poll location.
Command files can be retrieved from a remote server using HTTPS. The HTTPS option allows devices to open secure transfer sessions with a specified update server. To configure DUA for HTTPS, select the HTTPS option under Advanced Settings.
When you use remote HTTP or HTTPS command paths, it is important to evaluate the communication channel between the device and the remote update server. There may be cases when HTTPS is not the desired method of channel security. Alternative methods can be used to secure the channel between the device and the server, such as virtual private network (VPN) connections.
DUA can be configured to authenticate with a remote update server. The following table shows the AutoLogon levels, which specify when DUA provides credentials to the server.
Value Level Description
Use default credentials for intranet requests only.
Use default credentials for all requests.
Never use default credentials.
Note: If HTTPS is not specified, credentials are transferred in clear text.
To configure the AutoLogon options, expand the Security Settings section.
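The requirement above that command files come from a known source and are not tampered with once deployed to the poll location can be checked on the server or share that hosts them. The following is an added example, not part of DUA or of the original documentation: it records a keyed manifest of the poll directory at publish time and later reports modified, missing, or unexpected files. The function names, file names, and key are constructed for illustration, and it assumes the manifest and key are stored outside the poll location.

```python
import hashlib, hmac, json, os, tempfile

def file_sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def _mac(files, key):
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(poll_dir, key):
    """Publish time: hash each command file, then MAC the list with the publisher key."""
    files = {n: file_sha256(os.path.join(poll_dir, n))
             for n in os.listdir(poll_dir) if os.path.isfile(os.path.join(poll_dir, n))}
    return {"files": files, "mac": _mac(files, key)}

def audit_poll_dir(poll_dir, manifest, key):
    """Return sorted (finding, name) pairs; an empty list means nothing changed."""
    files = manifest.get("files", {})
    claimed = str(manifest.get("mac", "")).encode()
    if not hmac.compare_digest(_mac(files, key).encode(), claimed):
        return [("manifest-mac-invalid", "")]      # the manifest itself was altered
    findings = []
    for name, digest in files.items():
        path = os.path.join(poll_dir, name)
        if not os.path.isfile(path):
            findings.append(("missing", name))
        elif file_sha256(path) != digest:
            findings.append(("modified", name))
    findings += [("unexpected", n) for n in set(os.listdir(poll_dir)) - set(files)]
    return sorted(findings)

def demo():
    key = b"constructed-demo-key-not-a-real-secret"
    with tempfile.TemporaryDirectory() as poll_dir:   # stands in for the poll location
        for name, data in [("update_001.cmd", b"constructed command file 1"),
                           ("update_002.cmd", b"constructed command file 2")]:
            with open(os.path.join(poll_dir, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(poll_dir, key)      # keep outside the poll location
        with open(os.path.join(poll_dir, "update_002.cmd"), "ab") as f:
            f.write(b" tampered")                     # simulated post-deployment change
        with open(os.path.join(poll_dir, "dropped.cmd"), "wb") as f:
            f.write(b"not published by the manufacturer")
        return audit_poll_dir(poll_dir, manifest, key)

if __name__ == "__main__":
    print(demo())
```

Running the audit on a schedule, and before devices are due to poll, gives an alert when the directory no longer matches what was published; it does not stop a device from processing a file that has already been fetched.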