User Device Security Considerations
— Brought to you by 2X Cloud Computing guest blogger Brien M. Posey —
In a virtual desktop environment, it is usually the virtual desktops themselves that receive the most attention. Administrators work tirelessly to ensure that virtual desktops are stable, secure, and compliant with all of the various corporate policies. When it comes to virtual desktop security, however, the physical device from which users access the virtual desktops also needs to be taken into account.
Virtual desktops are accessed through a client component that runs on a desktop PC, tablet, smart phone, or other device. When the client component runs on a desktop PC, the PC is often configured to boot into a standard (and often outdated) operating system from which the virtual desktop client is run. The problem with this approach is that the desktop PC’s operating system can become a major security vulnerability.
Some administrators are quick to dismiss security concerns related to desktop operating systems because the end-users work solely within the confines of a virtual desktop. Even so, malware that makes its way onto the physical desktop can compromise the security of a virtual desktop session. For example, if a physical desktop were to become infected with a key logger, then the key logger would be able to record keystrokes from the virtual desktop session. This is possible because the virtual desktop client runs as an application on top of the infected operating system. From the key logger’s perspective, the virtual desktop client is no different from any other application.
There are a number of different ways to address these types of security issues. For example, free utilities exist that can be used to encrypt keystrokes so as to make them unrecognizable to a key logger. Likewise, a desktop lockdown mechanism such as AppLocker could be used to prevent unauthorized software from running on the physical desktop.
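As an illustration of the AppLocker approach mentioned above, the following PowerShell sketch is an added example, not part of the original post or any vendor's documentation. It builds an allowlist for a PC whose only job is to run a virtual desktop client and applies it in audit mode. The client install path and rule name prefix are placeholders.

```powershell
# Added example: AppLocker allowlist for a PC that only runs a virtual desktop client.
# Run from an elevated PowerShell session on an edition of Windows that supports AppLocker.
$ClientDir  = 'C:\Program Files\ExampleVdiClient'   # hypothetical path, replace with the real client directory
$PolicyPath = Join-Path $env:TEMP 'vdi-endpoint-applocker.xml'

# AppLocker rules are only evaluated while the Application Identity service is running.
if ((Get-Service -Name AppIDSvc).Status -ne 'Running') {
    Start-Service -Name AppIDSvc
}

# Inventory the executables that must keep working: the client itself and Windows.
$files = @($ClientDir, $env:SystemRoot) | ForEach-Object {
    Get-AppLockerFileInformation -Directory $_ -Recurse -FileType Exe -ErrorAction SilentlyContinue
}

# Prefer publisher rules (they survive updates); fall back to hash rules for unsigned files.
[xml]$policy = $files |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
        -RuleNamePrefix 'VdiEndpoint' -Optimize -Xml

# Start in audit mode so that nothing is blocked while the rule set is validated.
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($PolicyPath)

# Without -Merge this replaces the existing local AppLocker policy.
Set-AppLockerPolicy -XmlPolicy $PolicyPath

# Dry run: how would the policy treat executables sitting in the user's Downloads folder?
$candidates = Get-ChildItem -Path (Join-Path $env:USERPROFILE 'Downloads') `
    -Filter *.exe -File -ErrorAction SilentlyContinue
if ($candidates) {
    Test-AppLockerPolicy -XmlPolicy $PolicyPath -Path $candidates.FullName -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

# Event ID 8003 records executables that ran but would have been blocked under enforcement.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

Once the audit log stays quiet during normal use, changing `AuditOnly` to `Enabled` and reapplying the policy turns on enforcement.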
Although both of these approaches are perfectly viable options, it is worth considering the fact that security is an ongoing effort. There is very real administrative overhead associated with maintaining the physical desktop’s security. That being the case, administrators would be wise to consider using a thin client solution to connect users to virtual desktops rather than putting forth the required administrative effort to keep physical desktop operating systems secure.
Some administrators may be quick to dismiss the idea of using a thin client. This is not surprising considering that thin client implementation is sometimes misrepresented as a rip-and-replace strategy in which physical desktops are replaced with dedicated hardware. Thin client implementation does not have to work this way, however. It is sometimes possible to use existing hardware to run a virtual desktop client without the need for a traditional operating system. For example, you might be able to remove the hard disks from the physical desktops and then boot those desktops off of a DVD-ROM, a USB flash drive, or even a network card that is equipped with PXE boot capabilities.
The trick to making these approaches work is to find a virtual desktop client vendor whose software is designed to be booted and run from outside of Windows. Likewise, the physical hardware must support your chosen boot method. For example, the PC’s BIOS must support USB booting if you intend to boot from USB flash drives.
Ultimately, administrators can reduce their administrative burden while also making the environment more secure, simply by booting physical PCs directly to the virtual desktop client.
About Brien M. Posey
Brien Posey is a ten-time Microsoft MVP with two decades of IT experience. Prior to becoming a freelance technical writer, Brien served as CIO for a national chain of hospitals and healthcare facilities. He has also worked as a network administrator for some of the nation’s largest insurance companies and for the Department of Defense at Fort Knox.
Since going freelance in 2001, Brien has become a prolific technical author. He has published many thousands of articles and numerous books on a wide variety of topics (primarily focusing on enterprise networking). In addition to his writing, Brien has provided consulting services to clients and speaks at IT events all over the world.