Does your Citrix or Terminal Server environment have an Achilles heel?

Size: px
Start display at page:

Download "Does your Citrix or Terminal Server environment have an Achilles heel?"

Transcription

1 CRYPTZONE WHITE PAPER Does your Citrix or Terminal Server environment have an Achilles heel? Moving away from IP-centric to role-based access controls to secure Citrix and Terminal Server user access cryptzone.com

2 Table of Contents Executive Summary... 3 The Popularity of Virtual Desktops... 3 The Inherent Security Risks of Multi-User Desktop Environments... 3 More Security is Needed... 4 Moving Away from IP-centric to Role-based Access Controls... 4 Conclusion

3 Executive Summary Citrix and Terminal Servers provide highly valuable functionality for session-based access, but to date have had an Achilles heel when it comes to privileged account management across multiple users. Citrix and Terminal Servers allow multiple virtual desktops to share a single hardware resource. This grants several benefits, but also causes additional security concerns not typically found in traditional distributed desktop environments. Citrix and others have primarily focused on securing user access to the virtual desktop infrastructure, but not enough attention has been paid toward securing access to the datacenter applications these users utilize. The Popularity of Virtual Desktops This white paper will highlight the information security risks inherent in all multiuser virtual desktop solutions, and offer a better way to secure access using a zero trust security methodology. Many enterprises have chosen to virtualize their corporate desktop environments either using Citrix s XenDesktop and XenApp solutions or Terminal Servers. These are Windows-based multiuser systems, which are used to present corporate applications to employees in a secure and controlled environment. The technology is a real business asset, great for presenting applications or a desktop to any user from almost any device and any location. There are multiple use cases for these systems including remote access, as jump servers connected to secure networks, or as access to privileged applications and resources. They also allow an organization to greatly reduce its need to manage employee devices, and are designed to increase application response without data leaving the corporate network. Many of these benefits are derived from being able to place the virtual desktops on hardware that is within the datacenter. The Inherent Security Risks of Multi-User Desktop Environments Citrix Users Virtual Desktop Infrastructure Internal External 192.###.### ###.###.100 SSL NETSCALER FIREWALL This virtual placement of client desktops inside the datacenter also results in many security concerns. Citrix has published a white paper 1 detailing many of the risks inherent in environments with multi-user desktops and virtual desktop infrastructure (VDI). These include remote access to the virtualized desktop environment, the proliferation of unmanaged personal devices used to connect to that environment, the access that virtual desktop users have to downstream network resources, and the concentration of corporate resources onto a few virtual hosts rather than being distributed among multiple user workstations. To counteract these vulnerabilities, Citrix recommends utilizing their NetScaler appliance as shown in Figure 1. Figure 1 2 Data Centers SERVERS WAN SERVERS 1 2 Cryptzone representation of NetScaler use 3

4 The threat of a Citrix server being compromised either by malware or a malicious user exploiting vulnerabilities in the system is too dangerous to be ignored. A single successful attack now has the potential to impact a substantial number of critical applications. Most security solutions, such as Citrix s NetScaler, focus on securing access to the multiuser desktop itself. With this product or using similar solutions, an organization can address several important concerns in this area including: External Network Firewall - Blocks external users or attackers from accessing datacenter resources, including the virtual desktop infrastructure and multi-user desktop systems. Intrusion Detection/Prevention - Monitors application data entering and leaving the datacenter. When malicious traffic is identified by comparing it to known attack signatures, the intrusion prevention system (IPS) drops the connection and/or logs the event. Secure Remote Access - An SSL-VPN server provides access control and a secure encrypted tunnel for connections. This allows only authenticated users on authorized, compliant devices to connect to desktop resources. An often less addressed area is securing access from the multi-user desktop to datacenter applications and resources. The challenge is that all traffic using the Citrix/Terminal Server is seen on the network as coming from a single IP address, sometimes representing dozens of users. Using VDI to give each individual a complete virtual desktop system rather than publishing multiple user spaces on a single OS Kernel space is a costly alternative that only addresses a small portion of the issue. Networklayer IP-centric access controls do not take the actual user into account. For a traditional firewall, this means that an access rule is needed to allow the server to access every resource that any user on that server could need. In the case of VDI desktop pools it means preassigning each individual user s IP address in a predictable way. In practice, these access rules can often become a permit all for the Citrix/Terminal Server multiuser desktop or VDI environment IP address pools. More Security is Needed The new threat landscape we now live in requires us to consider the security implications of compromised accounts and machines far more than in the past. The threat of a Citrix server being compromised either by malware or a malicious user exploiting vulnerabilities in the system is too dangerous to be ignored. A single successful attack now has the potential to impact a substantial number of critical applications. For example, there have been a number of reported break-ins where compromised credentials allowed access to a terminal server that was acting as a jump box. This terminal server access provided the opening that attackers required to establish unimpeded access to retail POS systems. This single compromised account led to countless credit card details and customer records being stolen. In today s evolving threat landscape new vulnerabilities are constantly being discovered in operating systems, and Citrix and Microsoft both stress the need to always install their latest security updates. However this process of enumerating bad behavior is limited to a reactive approach to security. New malware and attack vectors are always being developed, and a compromised Citrix server with access to secure network areas can be used as a launching point for a serious attack. The reason that attacks like this are successful is because controlling a user s access to their desktop and/or applications is just one side of the equation. In order to truly protect corporate data and resources there also needs to be tight user-based controls around network access from virtual desktops. Moving Away from IP-centric to Role-based Access Controls To solve this problem, enterprises need to move away from IP-centric architectures to a role-based security model that maintains the distinction between individual users connecting through a Citrix or Windows Terminal, then provisions access on the network and application level depending on those users roles and attributes. Cryptzone s AppGate can deliver this functionality, by replacing Discretionary Access Control (DAC) devices like traditional and next generation firewall systems with a fully context aware user and session specific dynamic application firewall. 4

5 By placing the AppGate Security Server between the VDI and multiuser desktop environment and the rest of the corporate datacenter this access can be securely controlled (see Figure 2). Unlike traditional firewalls, AppGate is able to dynamically enforce access on a per user basis, even when those users share the same physical host. It accomplishes this using Cryptzone s patented methodology that uniquely identifies each virtual desktop s traffic on the network on a per user session basis. TM Cluster Internal External Encryption- Always assume that unauthorized users are able to intercept communication, regardless of whether services are accessed internally or remotely. All communication between the AppGate client running on the virtual desktop and the AppGate server is strongly encrypted using one of several configurable methods. Authentication - Strong user authentication is the first step in gaining authorized access to applications, services and data essential for information security and risk mitigation. The user is prompted for authentication credentials including one or multiple chained authentication methods such as Active Directory, Radius, RSA, or builtin options like Cryptzone s OTP. 192.###.### ###.###.100 Citrix Users & Virtual Desktop Infrastructure User A Cryptzone AppGate Cryptzone AppGate SSL NETSCALER User B Session Authorization - In an environment where users can access information from different types of devices in a wide array of locations, advanced authorization methods must include the ability to capture the posture and context of each session. Once credentials are authenticated, the AppGate server examines contextual data such as client posture information (anti-virus (AV) version, corporate watermarks, etc.), time of day, geographic location, and more. AppGate TM WALLED-GARDEN User Account groups attributes Device Attributes posture context POLICY ENGINE ACL USER A TUNNELING DRIVER User Traffic Isolated For Individualized Policy Treatment WALLED-GARDEN User Account groups attributes Device Attributes posture context POLICY ENGINE ACL USER B Policy Enforcement - Each transaction must be evaluated against security policies to determine which resources should be made available to a specific user, on a specific device, in a specific environment. Account information gathered from the authentication source and contextual data gathered during the authorization phase are used to determine what services, applications and resources are presented to the user. Access rules are then dynamically created when the user accesses a resource, and are torn down once the user disconnects from that resource. In this way there are never any permanent permit all style access rules to be exploited by attackers. This also prevents any potential attacker from scanning the datacenter to determine what IP addresses and ports are available to exploit. Data Centers SECURE MICRO-SEGMENT SECURE MICRO-SEGMENT Global Audit and Logging - All session activity is recorded in an enforceable manner to assist with both investigations and compliance reporting. All user access must be systematically logged and accurately tracked to support on-demand security reporting and auditing for compliance. Figure 2 In figure 2 above the AppGate cluster (appliance or VM) is placed between the Citrix/Terminal Server farm and any area of the network that needs a higher degree of security. Two users are connected to the same virtual desktop server: User A from an internal network and User B through an external SSL VPN. The AppGate server provides an individual user-specific policy for controlling access to the network connected resources in the data center. When either needs to access a secured datacenter resource, they launch the AppGate client and connect to the AppGate server using a five layer security model: Conclusion Multi-user and virtual desktop infrastructures like Citrix s XenDesktop and XenApp solutions or Terminal Server offer too many tangible benefits to be ignored, but they also come with several security concerns. Securing Citrix user access requires more than just authenticating a user before they access their desktop. With AppGate, an organization is in a much better position to defend against cyber attacks than if its Citrix and Terminal Server users were represented by a single IP address. It can provision access to network resources and applications based on what an individual needs to do their job, rather than everybody who uses the same server. AppGate can also produce better security alerts - and meet compliance objectives - via the ability to trace activity back to a single user. 5

6 About Cryptzone Cryptzone secures the enterprise with dynamic, identity-driven security solutions that protect critical services, applications and content from internal and external threats. For over a decade, enterprises have turned to Cryptzone to galvanize their Cloud and network security with responsive protection and access intelligence. More than 750 public sector and enterprise customers, including some of the leading names in technology, manufacturing and consumer products trust Cryptzone to keep their data and applications secure. For more information go to or follow Americas: Europe, Middle East, Africa: (UK, SE, DACH ) Copyright 2015 Cryptzone North America Inc. All rights reserved. Cryptzone, The Cryptzone Logo and AppGate are trademarks of Cryptzone North America Inc., or its affiliates. Microsoft is a registered trademark of Microsoft Corporation in the United States and/or other countries. All other product names mentioned herein are trademarks of their respective owners. 6

Deployment Guide for Citrix XenDesktop

Deployment Guide for Citrix XenDesktop Deployment Guide for Citrix XenDesktop Securing and Accelerating Citrix XenDesktop with Palo Alto Networks Next-Generation Firewall and Citrix NetScaler Joint Solution Table of Contents 1. Overview...

More information

FIREWALL. Features SECURITY OF INFORMATION TECHNOLOGIES

FIREWALL. Features SECURITY OF INFORMATION TECHNOLOGIES FIREWALL Features SECURITY OF INFORMATION TECHNOLOGIES To ensure that they stay competitive and in order to expand their activity, businesses today know it is in their best interests to open up more channels

More information

Critical Security Controls

Critical Security Controls Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security

More information

S E C U R I T Y A S S E S S M E N T : B o m g a r A p p l i a n c e s

S E C U R I T Y A S S E S S M E N T : B o m g a r A p p l i a n c e s S E C U R I T Y A S S E S S M E N T : B o m g a r A p p l i a n c e s During the period between November 2012 and March 2013, Symantec Consulting Services partnered with Bomgar to assess the security

More information

Achieving PCI-Compliance through Cyberoam

Achieving PCI-Compliance through Cyberoam White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

Organizations Continue to Rely on Outdated Technologies, When Advanced Threats a Reality

Organizations Continue to Rely on Outdated Technologies, When Advanced Threats a Reality NETWORK SECURITY SURVEY RESULTS Is Network Access Putting You at Risk? Organizations Continue to Rely on Outdated Technologies, When Advanced Threats a Reality Introductions Given the proliferation of

More information

Remote Vendor Monitoring

Remote Vendor Monitoring ` Remote Vendor Monitoring How to Record All Remote Access (via SSL VPN Gateway Sessions) An ObserveIT Whitepaper Daniel Petri March 2008 Copyright 2008 ObserveIT Ltd. 2 Table of Contents Executive Summary...

More information

Whitepaper. Securing Visitor Access through Network Access Control Technology

Whitepaper. Securing Visitor Access through Network Access Control Technology Securing Visitor Access through Contents Introduction 3 The ForeScout Solution for Securing Visitor Access 4 Implementing Security Policies for Visitor Access 4 Providing Secure Visitor Access How it works.

More information

Securing Remote Vendor Access with Privileged Account Security

Securing Remote Vendor Access with Privileged Account Security Securing Remote Vendor Access with Privileged Account Security Table of Contents Introduction to privileged remote third-party access 3 Do you know who your remote vendors are? 3 The risk: unmanaged credentials

More information

Easy and secure application access from anywhere

Easy and secure application access from anywhere Easy and secure application access from anywhere Citrix is the leading secure access solution for applications and desktops HDX SmartAccess Delivers simple and seamless secure access anywhere Data security

More information

Meeting the Challenges of Virtualization Security

Meeting the Challenges of Virtualization Security Meeting the Challenges of Virtualization Security Coordinate Security. Server Defense for Virtual Machines A Trend Micro White Paper August 2009 I. INTRODUCTION Virtualization enables your organization

More information

Building A Secure Microsoft Exchange Continuity Appliance

Building A Secure Microsoft Exchange Continuity Appliance Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building

More information

Securing Endpoints without a Security Expert

Securing Endpoints without a Security Expert How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series

More information

Proven LANDesk Solutions

Proven LANDesk Solutions LANDesk Solutions Descriptions Proven LANDesk Solutions IT departments face pressure to reduce costs, reduce risk, and increase productivity in the midst of growing IT complexity. More than 4,300 organizations

More information

SSL VPN A look at UCD through the tunnel

SSL VPN A look at UCD through the tunnel SSL VPN A look at UCD through the tunnel Background Why? Who is it for? Stakeholders IET Library Schools and Colleges Key Requirements Integrate with existing authentication Flexible security groups within

More information

CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions

CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions The objective of Implementing Citrix NetScaler 10.5 for App and Desktop Solutions is to provide the foundational concepts and skills

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Network Access Control in Virtual Environments. Technical Note

Network Access Control in Virtual Environments. Technical Note Contents Security Considerations in.... 3 Addressing Virtualization Security Challenges using NAC and Endpoint Compliance... 3 Visibility and Profiling of VMs.... 4 Identification of Rogue or Unapproved

More information

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise WICKSoft Corporation http://www.wicksoft.com Copyright WICKSoft 2007. WICKSoft Mobile Documents

More information

Sophistication of attacks will keep improving, especially APT and zero-day exploits

Sophistication of attacks will keep improving, especially APT and zero-day exploits FAQ Isla Q&A General What is Isla? Isla is an innovative, enterprise-class web malware isolation system that prevents all browser-borne malware from penetrating corporate networks and infecting endpoint

More information

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits A Clear View of Challenges, Solutions and Business Benefits Introduction Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide

More information

New Trends in Security Threats

New Trends in Security Threats TRANSCRIPT New Trends in Security Threats Advice for CSOs on what they need to be asking their security vendors and how to protect against security threats Executive Summary Recently Dark Reading sat down

More information

SECURE ACCESS TO THE VIRTUAL DATA CENTER

SECURE ACCESS TO THE VIRTUAL DATA CENTER SOLUTION BRIEF SECURE ACCESS TO THE VIRTUAL DATA CENTER Ensure that Remote Users Can Securely Access the Virtual Data Center s Virtual Desktops and Other Resources Challenge VDI is driving a unique need

More information

Driving Company Security is Challenging. Centralized Management Makes it Simple.

Driving Company Security is Challenging. Centralized Management Makes it Simple. Driving Company Security is Challenging. Centralized Management Makes it Simple. Overview - P3 Security Threats, Downtime and High Costs - P3 Threats to Company Security and Profitability - P4 A Revolutionary

More information

Certified PCI Compliant and Still Breached. 4 Cornerstones of Securing Payment Card Data

Certified PCI Compliant and Still Breached. 4 Cornerstones of Securing Payment Card Data Certified PCI Compliant and Still Breached Cornerstones of Securing Payment Card Data Table of Contents Executive Summary The Challenges of Payment Card Security in 201 and Beyond Cornerstones of Securing

More information

DeltaV Cyber Security Solutions

DeltaV Cyber Security Solutions TM DeltaV Cyber Security Solutions A Guide to Securing Your Process A long history of cyber security In pioneering the use of commercial off-the-shelf technology in process control, the DeltaV digital

More information

Family Datasheet AEP Series A

Family Datasheet AEP Series A Trusted Security Everywhere Family Datasheet AEP Series A Covering: Hardware Edition Virtual Edition Load Balancer AEP Networks, Inc. All rights reserved. Secure Application Access 2500. 4500. 6500. 8500

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Endpoint Security: Become Aware of Virtual Desktop Infrastructures!

Endpoint Security: Become Aware of Virtual Desktop Infrastructures! Endpoint Security: Become Aware of Virtual Desktop Infrastructures! An Ogren Group Special Report May 2011 Executive Summary Virtual desktops infrastructures, VDI, present IT with the unique opportunity

More information

Achieving PCI Compliance Using F5 Products

Achieving PCI Compliance Using F5 Products Achieving PCI Compliance Using F5 Products Overview In April 2000, Visa launched its Cardholder Information Security Program (CISP) -- a set of mandates designed to protect its cardholders from identity

More information

Industrial Security Solutions

Industrial Security Solutions Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats

More information

Tech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks

Tech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks Tech Brief Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks Introduction In today s era of increasing mobile computing, one of the greatest challenges

More information

Enterprise Desktop Solutions: VMware View 4.5

Enterprise Desktop Solutions: VMware View 4.5 C H E A T S H E E T Enterprise Desktop Solutions: What is VMware View? VMware View 4.5 is the leading desktop virtualization solution, built for delivering desktops as a managed service from the platform

More information

Beyond the Hype: Advanced Persistent Threats

Beyond the Hype: Advanced Persistent Threats Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,

More information

Microsoft and Citrix: Joint Virtual Desktop Infrastructure (VDI) Offering

Microsoft and Citrix: Joint Virtual Desktop Infrastructure (VDI) Offering Microsoft and Citrix: Joint Virtual Desktop Infrastructure (VDI) Offering Architectural Guidance July 2009 The information contained in this document represents the current view of Microsoft Corporation

More information

McAfee Acquires NitroSecurity

McAfee Acquires NitroSecurity McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security

More information

Enterprise Security Platform for Government

Enterprise Security Platform for Government Enterprise Security Platform for Government Today s Cybersecurity Challenges in Government Governments are seeking greater efficiency and lower costs, adopting Shared Services models, consolidating data

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Enforcing Security Policies

Enforcing Security Policies Enforcing Security Policies Key Differentiator NetVanta Microsoft Desktop Auditing Providing Insight Into Your Network With an increasingly mobile workforce, technology portability, and the increase in

More information

"Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary

Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary Course Summary Description The objective of this course is to provide the foundational concepts and teach the skills necessary to implement, configure, secure and monitor a Citrix NetScaler system with

More information

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks WHITE PAPER The Need for Wireless Intrusion Prevention in Retail Networks The Need for Wireless Intrusion Prevention in Retail Networks Firewalls and VPNs are well-established perimeter security solutions.

More information

Trend Micro Cloud Security for Citrix CloudPlatform

Trend Micro Cloud Security for Citrix CloudPlatform Trend Micro Cloud Security for Citrix CloudPlatform Proven Security Solutions for Public, Private and Hybrid Clouds 2 Trend Micro Provides Security for Citrix CloudPlatform Organizations today are embracing

More information

When enterprise mobility strategies are discussed, security is usually one of the first topics

When enterprise mobility strategies are discussed, security is usually one of the first topics Acronis 2002-2014 Introduction When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come as no surprise that Acronis Access Advanced

More information

COORDINATED THREAT CONTROL

COORDINATED THREAT CONTROL APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,

More information

Inspection of Encrypted HTTPS Traffic

Inspection of Encrypted HTTPS Traffic Technical Note Inspection of Encrypted HTTPS Traffic StoneGate version 5.0 SSL/TLS Inspection T e c h n i c a l N o t e I n s p e c t i o n o f E n c r y p t e d H T T P S T r a f f i c 1 Table of Contents

More information

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Seven Things To Consider When Evaluating Privileged Account Security Solutions Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?

More information

RSA Authentication Agents Security Best Practices Guide. Version 3

RSA Authentication Agents Security Best Practices Guide. Version 3 RSA Authentication Agents Security Best Practices Guide Version 3 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks RSA,

More information

The Key to Secure Online Financial Transactions

The Key to Secure Online Financial Transactions Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on

More information

Data Security and the Cloud

Data Security and the Cloud Data Security and the Cloud TABLE OF CONTENTS DATA SECURITY AND THE CLOUD EXECUTIVE SUMMARY PAGE 3 CHAPTER 1 CHAPTER 2 CHAPTER 3 CHAPTER 4 CHAPTER 5 PAGE 4 PAGE 5 PAGE 6 PAGE 8 PAGE 9 DATA SECURITY: HOW

More information

Windows Remote Access

Windows Remote Access Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by

More information

How Reflection Software Facilitates PCI DSS Compliance

How Reflection Software Facilitates PCI DSS Compliance Reflection How Reflection Software Facilitates PCI DSS Compliance How Reflection Software Facilitates PCI DSS Compliance How Reflection Software Facilitates PCI DSS Compliance In 2004, the major credit

More information

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2 Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning

More information

Achieving PCI Compliance with Red Hat Enterprise Linux. June 2009

Achieving PCI Compliance with Red Hat Enterprise Linux. June 2009 Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving

More information

Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?

Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)? SaaS vs. COTS Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)? Unlike COTS solutions, SIMCO s CERDAAC is software that is offered as a service (SaaS). This offers several

More information

Effective End-to-End Cloud Security

Effective End-to-End Cloud Security Effective End-to-End Cloud Security Securing Your Journey to the Cloud Trend Micro SecureCloud A Trend Micro & VMware White Paper August 2011 I. EXECUTIVE SUMMARY This is the first paper of a series of

More information

Trend Micro Cloud Protection

Trend Micro Cloud Protection A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

Addressing BYOD Challenges with ForeScout and Motorola Solutions

Addressing BYOD Challenges with ForeScout and Motorola Solutions Solution Brief Addressing BYOD Challenges with ForeScout and Motorola Solutions Highlights Automated onboarding Full automation for discovering, profiling, and onboarding devices onto both wired and wireless

More information

MOBILITY & INTERCONNECTIVITY. Features SECURITY OF INFORMATION TECHNOLOGIES

MOBILITY & INTERCONNECTIVITY. Features SECURITY OF INFORMATION TECHNOLOGIES MOBILITY & INTERCONNECTIVITY Features SECURITY OF INFORMATION TECHNOLOGIES Frequent changes to the structure of enterprise workforces mean that many are moving away from the traditional model of a single

More information

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4) Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware

More information

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

More information

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)

More information

White paper. Microsoft and Citrix VDI: Virtual desktop implementation scenarios

White paper. Microsoft and Citrix VDI: Virtual desktop implementation scenarios White paper Microsoft and Citrix VDI: Virtual desktop implementation scenarios Table of contents Objective Microsoft VDI offering components High definition user experience...3 A very cost-effective and

More information

S E C U R I T Y A S S E S S M E N T : B o m g a r B o x T M. Bomgar. Product Penetration Test. September 2010

S E C U R I T Y A S S E S S M E N T : B o m g a r B o x T M. Bomgar. Product Penetration Test. September 2010 S E C U R I T Y A S S E S S M E N T : B o m g a r B o x T M Bomgar Product Penetration Test September 2010 Table of Contents Introduction... 1 Executive Summary... 1 Bomgar Application Environment Overview...

More information

#ITtrends #ITTRENDS SYMANTEC VISION 2012 1

#ITtrends #ITTRENDS SYMANTEC VISION 2012 1 #ITtrends 1 Strategies for Security and Management in a Mobile and Virtual World Anil Chakravarthy Senior Vice President, Enterprise Security Group 2 MASSIVE INCREASE IN SOPHISTICATED ATTACKS 403 million

More information

Nominee: Barracuda Networks

Nominee: Barracuda Networks Nominee: Barracuda Networks Nomination title: Barracuda Next Generation Firewall The Barracuda NG (Next Generation) Firewall is much more than a traditional firewall. It is designed to protect network

More information

Endpoint protection for physical and virtual desktops

Endpoint protection for physical and virtual desktops datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become

More information

Reference Architecture

Reference Architecture Consulting Solutions WHITE PAPER Citrix XenDesktop Reference Architecture Pooled Desktops (Local and Remote) www.citrix.com Contents Introduction... 3 Desktop Delivery... 4 Application Delivery... 8 Conclusion...

More information

ARCHITECT S GUIDE: Comply to Connect Using TNC Technology

ARCHITECT S GUIDE: Comply to Connect Using TNC Technology ARCHITECT S GUIDE: Comply to Connect Using TNC Technology August 2012 Trusted Computing Group 3855 SW 153rd Drive Beaverton, OR 97006 Tel (503) 619-0562 Fax (503) 644-6708 admin@trustedcomputinggroup.org

More information

The Education Fellowship Finance Centralisation IT Security Strategy

The Education Fellowship Finance Centralisation IT Security Strategy The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and

More information

Citrix XenApp Manager 1.0. Administrator s Guide. For Windows 8/RT. Published 10 December 2012. Edition 1.0.1

Citrix XenApp Manager 1.0. Administrator s Guide. For Windows 8/RT. Published 10 December 2012. Edition 1.0.1 Citrix XenApp Manager 1.0 For Windows 8/RT Administrator s Guide Published 10 December 2012 Edition 1.0.1 Citrix XenApp Manager for Windows 8/RT Administrator s Guide Copyright 2012 Citrix Systems. Inc.

More information

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

Technology Blueprint. Secure Your Virtual Desktop Infrastructure. Optimize your virtual desktop infrastructure for performance and protection

Technology Blueprint. Secure Your Virtual Desktop Infrastructure. Optimize your virtual desktop infrastructure for performance and protection Technology Blueprint Secure Your Virtual Desktop Infrastructure Optimize your virtual desktop infrastructure for performance and protection LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL

More information

Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF

Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF Businesses around the world have adopted the information security standard ISO 27002 as part of their overall risk

More information

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous

More information

Reference Testing Procedures for Trend Ready Verification

Reference Testing Procedures for Trend Ready Verification Reference Testing Procedures for Trend Ready Verification Table of Contents Importance of Cloud Security in Cloud Environments... 3... 3... 4 Cloud Security ALLIANCE Guidelines... 4 Implementation Model...

More information

On and off premises technologies Which is best for you?

On and off premises technologies Which is best for you? On and off premises technologies Which is best for you? We don t mind what you buy, as long as it is YELLOW! Warren Sealey and Paul-Christian Garpe On Premises or in the cloud? 1 Agenda Why Symantec? Email

More information

PND at a glance: The World s Premier Online Practical Network Defense course. Self-paced, online, flexible access

PND at a glance: The World s Premier Online Practical Network Defense course. Self-paced, online, flexible access The World s Premier Online Practical Network Defense course PND at a glance: Self-paced, online, flexible access 1500+ interactive slides (PDF, HTML5 and Flash) 7+ hours of video material 10 virtual labs

More information

Managing for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud

Managing for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud Deploying and Managing Private Clouds The Essentials Series Managing for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud sponsored by Managing for the Long Term: Keys to

More information

FISMA / NIST 800-53 REVISION 3 COMPLIANCE

FISMA / NIST 800-53 REVISION 3 COMPLIANCE Mandated by the Federal Information Security Management Act (FISMA) of 2002, the National Institute of Standards and Technology (NIST) created special publication 800-53 to provide guidelines on security

More information

Sygate Secure Enterprise and Alcatel

Sygate Secure Enterprise and Alcatel Sygate Secure Enterprise and Alcatel Sygate Secure Enterprise eliminates the damage or loss of information, cost of recovery, and regulatory violation due to rogue corporate computers, applications, and

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data

PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data White Paper PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data Using credit cards to pay for goods and services is a common practice. Credit cards enable easy and

More information

Outgoing VDI Gateways:

Outgoing VDI Gateways: ` Outgoing VDI Gateways: Creating a Unified Outgoing Virtual Desktop Infrastructure with Windows Server 2008 R2 and ObserveIT Daniel Petri January 2010 Copyright 2010 ObserveIT Ltd. 2 Table of Contents

More information

McAfee Server Security

McAfee Server Security Security Secure server workloads with low performance impact and integrated management efficiency. Suppose you had to choose between securing all the servers in your data center physical and virtual or

More information

Enterprise Security with mobilecho

Enterprise Security with mobilecho Enterprise Security with mobilecho Enterprise Security from the Ground Up When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come

More information

Payment Card Industry and Citrix XenApp and XenDesktop Deployment Scenarios

Payment Card Industry and Citrix XenApp and XenDesktop Deployment Scenarios Payment Card Industry and Citrix XenApp and XenDesktop Deployment Scenarios Overview Citrix XenApp, XenDesktop and NetScaler are commonly used in the creation of Payment Card Industry (PCI), Data Security

More information

PortWise Access Management Suite

PortWise Access Management Suite Create secure virtual access for your employees, partners and customers from any location and any device. With todays global and homogenous economy, the accuracy and responsiveness of an organization s

More information

High Availability for Citrix XenApp

High Availability for Citrix XenApp WHITE PAPER Citrix XenApp High Availability for Citrix XenApp Enhancing XenApp Availability with NetScaler Reference Architecture www.citrix.com Contents Contents... 2 Introduction... 3 Desktop Availability...

More information

SCADA SYSTEMS AND SECURITY WHITEPAPER

SCADA SYSTEMS AND SECURITY WHITEPAPER SCADA SYSTEMS AND SECURITY WHITEPAPER Abstract: This paper discusses some of the options available to companies concerned with the threat of cyber attack on their critical infrastructure, who as part of

More information

Ovation Security Center Data Sheet

Ovation Security Center Data Sheet Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations

More information

Protecting systems and patient privacy

Protecting systems and patient privacy Protecting systems and patient privacy Philips Remote Services Security Remote services deliver the benefi ts of faster, easier problem resolution and less system downtime during troubleshooting and clinical

More information

ESET Security Solutions for Your Business

ESET Security Solutions for Your Business ESET Security Solutions for Your Business It Is Our Business Protecting Yours For over 20 years, companies large and small have relied on ESET to safeguard their mission-critical infrastructure and keep

More information

Deploying Firewalls Throughout Your Organization

Deploying Firewalls Throughout Your Organization Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense

More information

Endpoint protection for physical and virtual desktops

Endpoint protection for physical and virtual desktops datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become

More information

MobiKEY TM with TruOFFICE

MobiKEY TM with TruOFFICE MobiKEY TM with TruOFFICE Virtual Desktop Infrastructure (VDI) SOLUTION February 8, 2011 Copyright 2011 Route1 Inc. All rights reserved. Route1, the Route1 and shield design Logo, SECURING THE DIGITAL

More information

Novell Access Manager SSL Virtual Private Network

Novell Access Manager SSL Virtual Private Network White Paper www.novell.com Novell Access Manager SSL Virtual Private Network Access Control Policy Enforcement Compliance Assurance 2 Contents Novell SSL VPN... 4 Product Overview... 4 Identity Server...

More information

Introduction to Endpoint Security

Introduction to Endpoint Security Chapter Introduction to Endpoint Security 1 This chapter provides an overview of Endpoint Security features and concepts. Planning security policies is covered based on enterprise requirements and user

More information