Comments
VDI Under The Security Microscope
rowie3103,
User Rank: Apprentice
10/14/2014 | 4:39:03 PM
User Adoption
User adoption has been very low because, I think, of 2 main reasons - the User Experience is inadequate or the architecture does not scale. Providing Persistent desktops to 100 people on a PoC is easy, then when you go to 300 the projects typically end up having to acquire more hardware (server and Storage) and the ROI goes out the door. User Virtualisation (UV) technologies out there today can now provide that nirvana of a Non-Persistent desktop with a persistent look and feel. Providing a single gold image that is reset at log off and if the user has changed any of their settings then that is backended into the UV system. This must also be bi-directional and seamless from thick client to thin and back again, even OS to OS.

The user experience can be a raft of issues but what I see mostly is poor login/logoff times due to poor execution of Windows login scripts, Windows GPOs being sequentially applied, and applied whether they are needed or not. Again UV technologies can assist here with applying GPOs in a multi-threaded way, and also moving from a just in case delivery model to a just in time i.e. Load Outlook policies when I start Outlook etc. And of course the dreaded roaming profile .... these can be fixed as well with a good UV strategy.

The other big gotcha in VDI costing, that is never thought of, is Device Based License Control i.e. MS Visio, MS Project, Adobe etc... If you have 10 licenses of Visio for instance and 1,000 users connecting to the VDI environment you must license Visio for 1,000 users. See:

https://pinpoint.microsoft.com/Applications/4294982790?locale=en-gb

This becomes quite expensive....

My .02 cents worth - a great article and some great comments as well
rowie3103,
User Rank: Apprentice
10/14/2014 | 4:18:51 PM
Re: Virtualized Doesn't Mean Completely Different
Surely by implementing effective controls like Application Whitelisting and zero admins we can make virtual and physical PCs a lot more robust? Certainly utilising a belt and braces approach to security you would deploy whitelisting on the servers and desktops from vendor A, and AV etc. from Vendor B.

The key here is to ensure the technology you choose has the ability to implement these controls without affecting the user or his experience.
Marilyn Cohodas,
User Rank: Strategist
6/18/2014 | 12:24:10 PM
Re: VDI myths versus adoption rate
I hear you, Christian. Even for a basic user like me, there will always be that one app that I can only get on my own hard drive.
RetiredUser,
User Rank: Ninja
6/18/2014 | 12:18:45 PM
Re: VDI myths versus adoption rate
@Marilyn Cohodas

I dreamed the dream of the cloud when I was young, and it was good.  Then the cloud came, and it was alright, but not what I'd hoped for.  I'd argue the point that we do and always will need PCs, for a particular subset of the tech user at least.  Consider this:  I am offline quite a bit, but I have my clunker Acer with Debian on it that holds every application I need to do what I do; at the heart of it, Git, so I can push back to the cloud when I get online.  I can't imagine life without my own personal box and I don't think I should have to; the cloud is nice for some things, but it isn't the end-all.  That's the user end, of course, and VDI and virtual technologies in general are often thought of more in the server space, where the super users and admins live.  But at the end of the day, while I love my 100+ strong VM farm of test systems, I would choose a small datacenter with real steel, iron and silicon over one that could vanish in a puff of bytes.
Robert McDougal,
User Rank: Ninja
6/18/2014 | 11:32:41 AM
Re: Virtualized Doesn't Mean Completely Different
Agreed.  Also, I would like to point out that while I believe VDI is a great technology with great benefits it still suffers from the greatest flaw that traditional computing does, the user.  If a user follows a malicious link on a VDI desktop or Windows PC, the result is the same.

We keep putting up walls but our users keep putting welcome mats down and giving the bad guys milk and cookies.
Randy Naramore,
User Rank: Ninja
6/17/2014 | 2:08:20 PM
Re: VDI myths versus adoption rate
Good point, maybe it has and it may be a while before we see that come to fruition.
Marilyn Cohodas,
User Rank: Strategist
6/17/2014 | 2:02:40 PM
Re: VDI myths versus adoption rate
If the profile resides on the server versus the device, I can see how it simplifies end user device management. As for the end of the PC as we know it, I think that train has left the station. If I can access my files and profiles virtually, who needs a PC?
Randy Naramore,
User Rank: Ninja
6/17/2014 | 11:43:12 AM
Re: VDI myths versus adoption rate
I do think it will have a big upside, you can have a Wyse device or some kind of boot device that connects back to the server where the profile resides. The best part of VDI is the support and how it can all be concentrated back at the server instead of the PC. This will not eliminate the PC, and not that I want that, but in certain areas it will help.
Marilyn Cohodas,
User Rank: Strategist
6/17/2014 | 11:32:36 AM
Re: VDI myths versus adoption rate
Randy, do you think the problem with VDI is that users want to have their data where they can see it on the hard drive, or is it more of a management issue? I would think users are pretty used to working in the cloud and that's less of a factor. What are some other reasons you think VDI won't live up to its promise?
RetiredUser,
User Rank: Ninja
6/17/2014 | 2:12:11 AM
Virtualized Doesn't Mean Completely Different
Great train of thought from Black Hat USA.  One must remember that a virtual environment, be it network or OS, still has the potential exploitable holes the actual environment has.  VDI brings ease of management to an ecosystem, but can't block every penetration opportunity by virtue of being virtual.  Plus, you've added more layers of penetration opportunities in the form of thin/fat clients (seen the list of Citrix exploits lately?), VDM connection servers now a target, app virtualization services open to attack and use for transport, and so on.  A needed microscopic review. 