Comments: The security policy we deploy depends on the content and objects being protected. A friend once told me to use a dog to protect the back door and a shotgun to protect the front door. The same applies to virtual desktop security.
The key point is that the security policy we deploy depends on the content and objects being protected. Thieves always come in through the back door, while your little girl's boyfriend always comes in through the front door. We expect the thief to flee as soon as he hears the dog at the back door, whereas the boyfriend comes in through the front door, where you shake his hand warmly and let him see the shotgun by the door.
Similarly, virtual and physical desktops require different security technologies. With virtual desktops, we protect different types of assets and even different potential users, and we also face new risks. Some standard desktop security practices from the physical world still apply, but others may be outdated in a VDI environment.
The differences between physical and virtual desktop security are as follows:
Virus Processing
Getting rid of a virus in a virtual desktop environment is like eliminating mice in a city: it is difficult, and it affects every household. A golden image preserves a known-healthy desktop state for easy recovery. You only need to disable the VMs for emergency maintenance and force all sessions to log off, and then place the VMs in an isolated network or have users boot from an image. Make sure that you keep a strict local firewall policy in place until the virus is completely cleared from the network.
Many administrators are used to disabling the built-in Windows Firewall because it makes system management much harder, but it is effective for securing virtual desktops. Create a gold image with Windows Firewall disabled, and then create a second version with the firewall enabled and strict access restrictions, allowing only one-way outbound connections. In the event of a virus outbreak, force all users onto the firewall-enabled version as their base image. That way, they can still access their own resources, but each system is isolated.
VDI security administrators should also change their virus scanning policies. Imagine 2000 (or even 200) virtual machines scanning their hard disks at the same time. The increased storage I/O load will paralyze the entire environment.
The following are some new virtual desktop security policies worth considering:
Use random download and scan windows to limit the number of systems that run updates and perform full scans at the same time.
Use your antivirus product's pre-scan feature to approve or ignore the system files of gold images or clones, so that it scans only new and modified files. Every major vendor now offers special programs for VDI gold images.
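A minimal sketch of the randomized scan window idea, added here as an illustration and not taken from any antivirus product. The VM names, window length, scan duration, concurrency cap and seed are constructed, and it assumes a full scan finishes within one slot.

```python
import random
from collections import Counter

def plan_scan_windows(vms, window_minutes, scan_minutes, max_concurrent, seed):
    """Return {vm: start_offset_minutes} with at most max_concurrent scans per slot."""
    slots = window_minutes // scan_minutes
    if slots < 1:
        raise ValueError("maintenance window is shorter than one scan")
    if len(vms) > slots * max_concurrent:
        # Refuse to overload storage: widen the window or raise the cap deliberately.
        raise ValueError(
            f"{len(vms)} VMs do not fit into {slots} slots x {max_concurrent} scans"
        )
    order = sorted(vms)                 # make the result independent of input order
    random.Random(seed).shuffle(order)  # seeded: reproducible, reshuffled per seed
    # Round-robin over the shuffled list keeps every slot within one VM of the average.
    return {vm: (i % slots) * scan_minutes for i, vm in enumerate(order)}

def peak_concurrency(plan):
    """Largest number of scans that start in the same slot."""
    return max(Counter(plan.values()).values())

# Constructed sample: 2000 desktops, 8-hour night window, 30-minute full scans.
VMS = [f"vdi-{n:04d}" for n in range(2000)]
PLAN = plan_scan_windows(VMS, window_minutes=480, scan_minutes=30,
                         max_concurrent=150, seed="2024-01-15")

if __name__ == "__main__":
    print("peak concurrent scans:", peak_concurrency(PLAN))
    for vm in VMS[:3]:
        print(f"{vm} starts at +{PLAN[vm]} min")
```

Using the date as the seed moves each desktop to a different slot every night, so no single VM is always scanned last.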
Control Internet Use
System and user policies become more common when the environment is upgraded to virtual desktops. IT organizations should become familiar with policy-based control, such as Group Policy Objects and Symantec Endpoint Protection. These policies improve VDI security through centralized control of the user environment.
The following are some areas that you can easily control through the virtual desktop security policy:
Browser temporary file storage time limit
Types of files that can be downloaded
File. Use this policy to control the site for better visibility
Control executable scripts
Sites with higher priority
In the past, security policies may not have been necessary for VDI security. The following is a detailed comparison of the differences between physical and virtual security: