Videos

Securing Virtual Workstations

Securing Virtual Workstations – Five things you need to prepare for when securing virtual workstations.

  1. Data, Email, Applications should not be on the local end-point machine, rather should be hosted.
  2. Local AV should exist on the end-machine if possible and always on the host computer
  3. Firewall policies should be tightened to allow for Virtual connection ports opening and little else except Microsoft Update, printing, AV updates and maybe port 80 for web surfing.  For truly tight security needs, having an executable whitelist program can further prevent usage of applications on a local machine that is not business related.
  4. Virtual Workstations should be connecting via IP address or hostname with approved client encrypted connections (Ipad, iphone, Microsoft compatible programs, MAC etc.).  Its critical to not “remember” passwords to allow someone who steals a computer to break in.
  5. Browser and web surfing should be local to the end-point consumer machine.   Also best practice is a web filtering product for end-points (hosted).

Critical Data should be kept on the host computer and accessible via file shares.  End-point virtual workstations (Windows PC’s, MAC, ipad etc) should be connection vehicles for the applications, data and confidential info.  Restrictions can even be setup via the host server to not allow copy/paste.   The most secure setup is having the connection vehicle just display the screen and move the mouse and keyboard.

AV is important and local AV keeps some of the threats from happening that can load dangerous key-loggers, that can capture your username and password for a future attack against the host.  Host computer should also have a well known fast AV with a low footprint.

Personal Computer or end-point firewall settings (often free and included with the OS) can be an advantage simply because with over 60,000 ports of communication available.  Firewalls can open and allow just the most known and used.  There’s no reason to leave a device wide-open for attack.  Choosing to allow and only-allow applications you use one a regular basis on the end-point connection further locks down security.

Web surfing usually brings the bulk of the threats via trojans, virus, malware etc.  All too often the Virtual workstation is someone’s home computer, ipad or travel computer and therefore is likely to have all sorts of infection potential via less secure networks.  It’s important to keep the personal web  surfing on the client side to prevent the Hosted server from having to fight off unnecessary infections.