Security Best Practices

Intel engaged Bishop Fox to conduct advanced-level security assessments through API penetration testing, external penetration testing, internal penetration testing, and remediation testing by highly skilled penetration testers. Bishop Fox is the largest private professional services firm focused on offensive security testing.

Security features:

Intel® Corporation and Colfax International, who host Intel® DevCloud for the Edge, follow industry best practices to protect the security of DevCloud users and their uploaded data. The following security features have been enabled to protect DevCloud users and their assets:

  • All user data uploaded to the DevCloud (e.g., AI models, code, executables, data sets, etc.) is protected from access by other users through standard Linux privilege controls.
  • Operating systems are hardened to prevent cross-tenant data access, meaning that:
    • users are blocked by default from seeing/listing other users' or system processes,
    • no root access will be granted under any circumstance,
    • access to edge compute nodes is provided on the basis of one user at a time,
    • we constantly monitor all DevCloud infrastructure for malicious activity, such as incoming and outgoing network connections, processes bypassing the queue, malware, and erroneous jobs.
  • Any hard drives removed from the infrastructure are either wiped (if working) or physically destroyed (if not working).
  • When a user account is terminated, whether through access period expiration or at the user's request, all data uploaded or created in the DevCloud by that user is permanently deleted. It is not possible to retrieve any user data, for any reason, after an account has been terminated.
  • Storage servers for user-uploaded data are maintained in a secure room with restricted key-based access to authorized personnel only.
  • Whole disk encryption is enabled on the hard disks of the storage servers to prevent unauthorized access to user-uploaded data.

Things to be aware of:

  • User-uploaded data (e.g., code, executables, data sets, etc.) is protected from access by other users through standard Linux privilege controls. This data may be reviewed by designated Colfax staff for security enforcement and troubleshooting.
  • User authentication is based on a 6-digit code sent to the user's registered email. This code is required for each new device (browser/computer) logging into the DevCloud portal. It expires after a time period and a renewal of verification is requested.
  • User-uploaded data is not backed up in any form. Users are responsible for maintaining their own data backups.

Good Practices:

The computers and networks that make up the Intel® DevCloud for the Edge are shared with other users. Although default permissions and settings are configured for each user's security, each user should practice reasonable caution within the Intel® DevCloud for the Edge environment. No product or component can be absolutely secure.

  • Do not share your invitation email or access credentials with anyone.
  • Do not set Linux permissions on your files that allow them to be read by others.
  • Do not run servers that listen for network connections on a local port and grant access to your data.
  • Do not store data in shared directories, such as /tmp, /var/tmp, or /dev/shm.
  • Delete browser cookies and your cache after using a shared computer. Ensure that automatic login is disabled.
  • Exercise caution when uploading data. Do not upload content that contains personally identifiable, sensitive, or confidential proprietary information. Users are encouraged to utilize encryption or other security protections to protect data.
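
One way to check your own account against the file-permission and shared-directory items above, as an added example that is not DevCloud tooling. The function names are illustrative, and the default shared directories are the three named in the list.

```shell
#!/bin/sh
# Added example: self-audit for the file-permission and shared-directory
# practices. Function names are illustrative, not part of DevCloud.

# List files and directories under $1 that grant a read or write bit to
# group or other. Symbolic links are not followed.
find_exposed() {
    find "$1" -xdev \( -type f -o -type d \) \
        \( -perm -040 -o -perm -004 -o -perm -020 -o -perm -002 \) \
        -print 2>/dev/null
}

# Remove all group/other access below $1. Adding "umask 077" to your shell
# profile makes newly created files start out private as well.
lock_down() {
    chmod -R go-rwx "$1"
}

# List entries you own inside shared directories. With no arguments, the
# directories named in the list above are checked.
find_shared_leftovers() {
    [ "$#" -gt 0 ] || set -- /tmp /var/tmp /dev/shm
    for d in "$@"; do
        [ -d "$d" ] || continue
        find "$d" -xdev ! -path "$d" -user "$(id -u)" -print 2>/dev/null
    done
}

# Read-only report when run with a directory argument: sh audit.sh "$HOME"
if [ "$#" -gt 0 ]; then
    echo "Readable or writable by group/other under $1:"
    find_exposed "$1"
    echo "Owned by you in shared directories:"
    find_shared_leftovers
fi
```

The report changes nothing; call `lock_down "$HOME"` yourself after reviewing what `find_exposed` lists.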