BetaArchive Logo
Navigation Home Screenshots Image Uploader Server Info FTP Servers Wiki Forum RSS Feed Rules Please Donate
UP: 23d, 12h, 19m | CPU: 26% | MEM: 6039MB of 11245MB used
{The community for beta collectors}

Forum rules


Any off topic discussions should go in this forum. Post count is not increased by posting here.
FTP Access status is required to post in this forum. Find out how to get it


Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 1 post ] 
Author Message
 PostPost subject: Are virtual desktops more secure?        Posted: Fri Feb 13, 2009 1:41 am 
User avatar
Offline

Joined
Sat Dec 20, 2008 10:39 am

Posts
79

Location
Norway

Favourite OS
Windows 7
Are virtual desktops more secure?

By Andrew Hendry


Desktop virtualisation separates the desktop device from the underlying hardware and the applications from the operating system, while still giving users a full PC desktop experience.

According to Citrix senior director of product marketing, John Humphreys, advances in desktop virtualisation software are now allowing the delivery of full-featured, customisable desktop images (Virtual Desktop Infrastructure or VDI) at lower prices than regular PCs, and with equivalent performance.

VMware A/NZ director of partners, David Blackman, also sees desktop virtual machines – commonly hosted inside the datacentre – as simplifying and reducing costs while maintaining centralised control and security.

“With hosted desktops, only mouse clicks and screen updates leave the datacentre with all documents and applications staying inside the datacentre. No data is stored on the end-user device, providing far greater security and control,” he said.

But Gartner Asia-Pacific research director for information security practices, Andrew Walls, predicted that by 2010, more than 50 per cent of virtualisation implementations will be less secure than on-virtual ones.

“It’s simply a matter of configuration management. [Security shortcomings] are not inherent in the technology, it can be secured beautifully,” he said.

“The issue is more in terms of how well configured it is and how well that configuration is managed – that’s where we will see most of the errors. You have to know what you’re doing, and have the skills and toolsets to help you…it’s still early days but give it a couple of years and it will get stronger.”

Walls warned attack strategies will eventually target the hypervisor – the underlying platform that allows multiple operating systems to run – and charged companies building hypervisors with the responsibility to ensure they are self-defending and self-repairing.

“Defending the hypervisor is a bit different to defending a regular OS. VMware has been putting a lot of emphasis on this, the Xen people under Citrix are doing excellent work in that space, and Microsoft still has a long way to go but they are getting a clue and starting to pursue it,” he said.

IBRS advisor, Dr Kevin McIsaac, has researched VDI for the past 18 months and authored several papers on the subject. After extensive talks with enterprise clients, he believes VARs considering VDI must be very cautious as it “has the potential to turn into a tar pit for sales and technical pre-sales resources with little or no return”.

One of the selling propositions of a virtual desktop is people can use it from home or a public Internet access point. But how do you know who they really are, McIsaac asked.

While you’ve moved the image to a secure location, you’ve now exposed the problem of ‘how do I know who is really accessing that terminal?’ So you need to have an appropriate authentication infrastructure in place,” he said.

“The thing around data loss prevention [DLP] is VDI only solves one particular problem – the security of the endpoint device. The question to ask regarding DLP is: How does any of that stop me from grabbing data, copying it into another program and emailing it somewhere else? It doesn’t.”

McIsaac argued there were security benefits for implementing VDI in certain cases, but claimed the idea that it generally improved security is a gross overstatement.

“What you need to do is realise that it secures one specific thing – the physical security of the desktop image and the data on the desktop – but at the same time you’ve now got an access control problem if people can access it from outside your corporate LAN,” he said.


Top  Profile
Display posts from previous:  Sort by  
Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 1 post ] 




Who is online

Users browsing this forum: No registered users and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Jump to:  

All views expressed in these forums are those of the author and do not necessarily represent the views of the BetaArchive site owner.

Powered by phpBB® Forum Software © phpBB Group

Copyright © 2006-2018

 

Sitemap | XML | RSS