Solved

XenDesktop risks

Posted on 2012-08-24
Medium Priority
Last Modified: 2012-09-10
What areas should auditors/security focus on when reviewing designs for the implementation of XenDesktop for desktop virtualisation, are there any specific areas of concern or that audit/security should focus? In design or configuration?

What are the main risks to XenDesktop and desktop virtualisation, and appropriate controls to plug these risks?
Question by:pma111
 
LVL 124

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 1000 total points
ID: 38328371
Performance Bottlenecks, can the hosts maintain the demand.

As for the desktops themselves, they carry the same risks as physical desktops, and should be managed the same, only the delivery mechanism is different.
0
 
LVL 3

Author Comment

by:pma111
ID: 38328375
How can "Performance Bottlenecks, can the hosts maintain the demand" be audited against though, especially in design stage. What should you look for for some assurances.
0
 
LVL 3

Author Comment

by:pma111
ID: 38328382
>>they carry the same risks as physical desktops

Be also interested if you could expand on the risks to desktops in your view, are you talking about patching of desktop apps?
0
 
LVL 124
ID: 38328400
Check that the number of virtual desktops, has been sized correctly against the infrastructure!

OS Security Updates is one area, Applications Updates another, but also OS setup, enabling firewalls per desktop, security permissions per desktop
0
 
LVL 3

Author Comment

by:pma111
ID: 38328408
Ok thanks, albeit I won't be doing this myself, but "Check that the number of virtual desktops, has been sized correctly against the infrastructure!" is there any general good practice or methodology for measuring the desktop:host ratio based on your past experience?
0
 
LVL 3

Author Comment

by:pma111
ID: 38328411
>>security permissions per desktop

Is this on the virtual desktop itself, or are you talking about access to local shares etc, user permissions on the desktop, i.e. group memberships?

Or is this from a data theft perspective, i.e. who could pinch the whole desktop, who can access that desktop? Where are such configured?
0
 
LVL 124
ID: 38328458
User permissions exist on physical and virtual desktops. Both are the same.

Or is this from a data theft perspective, i.e. who could pinch the whole desktop, who can access that desktop? Where are such configured?

- XenDesktop Configuration and SAN
0
 
LVL 3

Author Comment

by:pma111
ID: 38328740
just to sweep up:

Ok thanks, albeit I won't be doing this myself, but "Check that the number of virtual desktops, has been sized correctly against the infrastructure!" is there any general good practice or methodology for measuring the desktop:host ratio based on your past experience?
0
 
LVL 124
ID: 38328811
Yes, Tevron Citratest

http://www.tevron.com/default.asp
0
 
LVL 3

Author Comment

by:pma111
ID: 38328858
>> XenDesktop Configuration and SAN

Can you provide a link or something to where in the xendesktop config the user perms/security perms are set?

Also what is the real risk to a xenapp desktop if another user/hacker got unauthorised access to it? If anything....
0
 
LVL 124
ID: 38329279
There are no specific risks to the XenDesktop product, but all VDI products in general.

Sorry, not currently at a XenDesktop Client.
0
 
LVL 19

Assisted Solution

by:basraj
basraj earned 1000 total points
ID: 38335475
A few things I can think about:

1. XenDesktop should have security in place in the form of Citrix NetScaler or Access Gateway, which provides smart access, security and many features.
2. When a user accesses from a non-corporate device, Citrix NetScaler or AGW will put some restrictions in place, like disabling local client drives, preventing printing, USB and other locks. You can define the smart access and end-point scanning through these products.
3. XenDesktop comes with policies where you can still restrict the above with policies, but in an outside world the above products are recommended.

Once everything is set up in the proper way, XenDesktop is fast and secure.
0
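
An added example (not part of the answer above, and not Citrix tooling) of how an auditor could test point 2: it resolves the effective settings for non-corporate devices across a policy set and reports any of client drives, printing or USB that do not end up prohibited. The policy records, field names and the lowest-number-wins priority model are constructed assumptions, not a Citrix export format.

```python
# Constructed sample data; field names are hypothetical, not a Citrix export format.
REQUIRED = ("client_drives", "printing", "usb")  # channels the answer says to lock down

# Assumption: the lowest "priority" number wins when two policies set the same
# setting; "applies_to" is a simplified filter on device trust.
POLICIES = [
    {"name": "Baseline", "priority": 3, "applies_to": "any",
     "settings": {"client_drives": "allowed", "printing": "allowed", "usb": "allowed"}},
    {"name": "Untrusted-Lockdown", "priority": 2, "applies_to": "non-corporate",
     "settings": {"client_drives": "prohibited", "printing": "prohibited"}},
    {"name": "Helpdesk-Exception", "priority": 1, "applies_to": "any",
     "settings": {"printing": "allowed"}},
]


def effective_settings(policies, device_class):
    """Map each setting to (value, policy name) from the winning applicable policy."""
    result = {}
    for pol in sorted(policies, key=lambda p: p["priority"]):
        if pol["applies_to"] in ("any", device_class):
            for key, value in pol["settings"].items():
                # First writer wins because policies are visited best-priority first.
                result.setdefault(key, (value, pol["name"]))
    return result


def audit_untrusted(policies):
    """Return (channel, value, source policy) for each channel left open."""
    eff = effective_settings(policies, "non-corporate")
    findings = []
    for channel in REQUIRED:
        value, source = eff.get(channel, ("unset", None))
        if value != "prohibited":
            findings.append((channel, value, source))
    return findings


if __name__ == "__main__":
    for channel, value, source in audit_untrusted(POLICIES):
        print(f"FINDING: {channel} is {value} for non-corporate devices (set by {source})")
```

The sample set yields two findings: the lockdown policy never sets USB, so the baseline value applies, and a higher-priority exception without a device filter re-enables printing for untrusted endpoints.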
