Does your Citrix or Terminal Server environment have an Achilles heel?
|
|
- Eric Baldwin
- 8 years ago
- Views:
Transcription
1 CRYPTZONE WHITE PAPER Does your Citrix or Terminal Server environment have an Achilles heel? Moving away from IP-centric to role-based access controls to secure Citrix and Terminal Server user access cryptzone.com
2 Table of Contents Executive Summary... 3 The Popularity of Virtual Desktops... 3 The Inherent Security Risks of Multi-User Desktop Environments... 3 More Security is Needed... 4 Moving Away from IP-centric to Role-based Access Controls... 4 Conclusion
3 Executive Summary Citrix and Terminal Servers provide highly valuable functionality for session-based access, but to date have had an Achilles heel when it comes to privileged account management across multiple users. Citrix and Terminal Servers allow multiple virtual desktops to share a single hardware resource. This grants several benefits, but also causes additional security concerns not typically found in traditional distributed desktop environments. Citrix and others have primarily focused on securing user access to the virtual desktop infrastructure, but not enough attention has been paid toward securing access to the datacenter applications these users utilize. The Popularity of Virtual Desktops This white paper will highlight the information security risks inherent in all multiuser virtual desktop solutions, and offer a better way to secure access using a zero trust security methodology. Many enterprises have chosen to virtualize their corporate desktop environments either using Citrix s XenDesktop and XenApp solutions or Terminal Servers. These are Windows-based multiuser systems, which are used to present corporate applications to employees in a secure and controlled environment. The technology is a real business asset, great for presenting applications or a desktop to any user from almost any device and any location. There are multiple use cases for these systems including remote access, as jump servers connected to secure networks, or as access to privileged applications and resources. They also allow an organization to greatly reduce its need to manage employee devices, and are designed to increase application response without data leaving the corporate network. Many of these benefits are derived from being able to place the virtual desktops on hardware that is within the datacenter. The Inherent Security Risks of Multi-User Desktop Environments Citrix Users Virtual Desktop Infrastructure Internal External 192.###.### ###.###.100 SSL NETSCALER FIREWALL This virtual placement of client desktops inside the datacenter also results in many security concerns. Citrix has published a white paper 1 detailing many of the risks inherent in environments with multi-user desktops and virtual desktop infrastructure (VDI). These include remote access to the virtualized desktop environment, the proliferation of unmanaged personal devices used to connect to that environment, the access that virtual desktop users have to downstream network resources, and the concentration of corporate resources onto a few virtual hosts rather than being distributed among multiple user workstations. To counteract these vulnerabilities, Citrix recommends utilizing their NetScaler appliance as shown in Figure 1. Figure 1 2 Data Centers SERVERS WAN SERVERS Cryptzone representation of NetScaler use 3
4 The threat of a Citrix server being compromised either by malware or a malicious user exploiting vulnerabilities in the system is too dangerous to be ignored. A single successful attack now has the potential to impact a substantial number of critical applications. Most security solutions, such as Citrix s NetScaler, focus on securing access to the multiuser desktop itself. With this product or using similar solutions, an organization can address several important concerns in this area including: External Network Firewall - Blocks external users or attackers from accessing datacenter resources, including the virtual desktop infrastructure and multi-user desktop systems. Intrusion Detection/Prevention - Monitors application data entering and leaving the datacenter. When malicious traffic is identified by comparing it to known attack signatures, the intrusion prevention system (IPS) drops the connection and/or logs the event. Secure Remote Access - An SSL-VPN server provides access control and a secure encrypted tunnel for connections. This allows only authenticated users on authorized, compliant devices to connect to desktop resources. An often less addressed area is securing access from the multi-user desktop to datacenter applications and resources. The challenge is that all traffic using the Citrix/Terminal Server is seen on the network as coming from a single IP address, sometimes representing dozens of users. Using VDI to give each individual a complete virtual desktop system rather than publishing multiple user spaces on a single OS Kernel space is a costly alternative that only addresses a small portion of the issue. Networklayer IP-centric access controls do not take the actual user into account. For a traditional firewall, this means that an access rule is needed to allow the server to access every resource that any user on that server could need. In the case of VDI desktop pools it means preassigning each individual user s IP address in a predictable way. In practice, these access rules can often become a permit all for the Citrix/Terminal Server multiuser desktop or VDI environment IP address pools. More Security is Needed The new threat landscape we now live in requires us to consider the security implications of compromised accounts and machines far more than in the past. The threat of a Citrix server being compromised either by malware or a malicious user exploiting vulnerabilities in the system is too dangerous to be ignored. A single successful attack now has the potential to impact a substantial number of critical applications. For example, there have been a number of reported break-ins where compromised credentials allowed access to a terminal server that was acting as a jump box. This terminal server access provided the opening that attackers required to establish unimpeded access to retail POS systems. This single compromised account led to countless credit card details and customer records being stolen. In today s evolving threat landscape new vulnerabilities are constantly being discovered in operating systems, and Citrix and Microsoft both stress the need to always install their latest security updates. However this process of enumerating bad behavior is limited to a reactive approach to security. New malware and attack vectors are always being developed, and a compromised Citrix server with access to secure network areas can be used as a launching point for a serious attack. The reason that attacks like this are successful is because controlling a user s access to their desktop and/or applications is just one side of the equation. In order to truly protect corporate data and resources there also needs to be tight user-based controls around network access from virtual desktops. Moving Away from IP-centric to Role-based Access Controls To solve this problem, enterprises need to move away from IP-centric architectures to a role-based security model that maintains the distinction between individual users connecting through a Citrix or Windows Terminal, then provisions access on the network and application level depending on those users roles and attributes. Cryptzone s AppGate can deliver this functionality, by replacing Discretionary Access Control (DAC) devices like traditional and next generation firewall systems with a fully context aware user and session specific dynamic application firewall. 4
5 By placing the AppGate Security Server between the VDI and multiuser desktop environment and the rest of the corporate datacenter this access can be securely controlled (see Figure 2). Unlike traditional firewalls, AppGate is able to dynamically enforce access on a per user basis, even when those users share the same physical host. It accomplishes this using Cryptzone s patented methodology that uniquely identifies each virtual desktop s traffic on the network on a per user session basis. TM Cluster Internal External Encryption- Always assume that unauthorized users are able to intercept communication, regardless of whether services are accessed internally or remotely. All communication between the AppGate client running on the virtual desktop and the AppGate server is strongly encrypted using one of several configurable methods. Authentication - Strong user authentication is the first step in gaining authorized access to applications, services and data essential for information security and risk mitigation. The user is prompted for authentication credentials including one or multiple chained authentication methods such as Active Directory, Radius, RSA, or builtin options like Cryptzone s OTP. 192.###.### ###.###.100 Citrix Users & Virtual Desktop Infrastructure User A Cryptzone AppGate Cryptzone AppGate SSL NETSCALER User B Session Authorization - In an environment where users can access information from different types of devices in a wide array of locations, advanced authorization methods must include the ability to capture the posture and context of each session. Once credentials are authenticated, the AppGate server examines contextual data such as client posture information (anti-virus (AV) version, corporate watermarks, etc.), time of day, geographic location, and more. AppGate TM WALLED-GARDEN User Account groups attributes Device Attributes posture context POLICY ENGINE ACL USER A TUNNELING DRIVER User Traffic Isolated For Individualized Policy Treatment WALLED-GARDEN User Account groups attributes Device Attributes posture context POLICY ENGINE ACL USER B Policy Enforcement - Each transaction must be evaluated against security policies to determine which resources should be made available to a specific user, on a specific device, in a specific environment. Account information gathered from the authentication source and contextual data gathered during the authorization phase are used to determine what services, applications and resources are presented to the user. Access rules are then dynamically created when the user accesses a resource, and are torn down once the user disconnects from that resource. In this way there are never any permanent permit all style access rules to be exploited by attackers. This also prevents any potential attacker from scanning the datacenter to determine what IP addresses and ports are available to exploit. Data Centers SECURE MICRO-SEGMENT SECURE MICRO-SEGMENT Global Audit and Logging - All session activity is recorded in an enforceable manner to assist with both investigations and compliance reporting. All user access must be systematically logged and accurately tracked to support on-demand security reporting and auditing for compliance. Figure 2 In figure 2 above the AppGate cluster (appliance or VM) is placed between the Citrix/Terminal Server farm and any area of the network that needs a higher degree of security. Two users are connected to the same virtual desktop server: User A from an internal network and User B through an external SSL VPN. The AppGate server provides an individual user-specific policy for controlling access to the network connected resources in the data center. When either needs to access a secured datacenter resource, they launch the AppGate client and connect to the AppGate server using a five layer security model: Conclusion Multi-user and virtual desktop infrastructures like Citrix s XenDesktop and XenApp solutions or Terminal Server offer too many tangible benefits to be ignored, but they also come with several security concerns. Securing Citrix user access requires more than just authenticating a user before they access their desktop. With AppGate, an organization is in a much better position to defend against cyber attacks than if its Citrix and Terminal Server users were represented by a single IP address. It can provision access to network resources and applications based on what an individual needs to do their job, rather than everybody who uses the same server. AppGate can also produce better security alerts - and meet compliance objectives - via the ability to trace activity back to a single user. 5
6 About Cryptzone Cryptzone secures the enterprise with dynamic, identity-driven security solutions that protect critical services, applications and content from internal and external threats. For over a decade, enterprises have turned to Cryptzone to galvanize their Cloud and network security with responsive protection and access intelligence. More than 750 public sector and enterprise customers, including some of the leading names in technology, manufacturing and consumer products trust Cryptzone to keep their data and applications secure. For more information go to or follow Americas: Europe, Middle East, Africa: (UK, SE, DACH ) sales@cryptzone.com Copyright 2015 Cryptzone North America Inc. All rights reserved. Cryptzone, The Cryptzone Logo and AppGate are trademarks of Cryptzone North America Inc., or its affiliates. Microsoft is a registered trademark of Microsoft Corporation in the United States and/or other countries. All other product names mentioned herein are trademarks of their respective owners. 6
Deployment Guide for Citrix XenDesktop
Deployment Guide for Citrix XenDesktop Securing and Accelerating Citrix XenDesktop with Palo Alto Networks Next-Generation Firewall and Citrix NetScaler Joint Solution Table of Contents 1. Overview...
More informationCritical Security Controls
Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security
More informationFIREWALL. Features SECURITY OF INFORMATION TECHNOLOGIES
FIREWALL Features SECURITY OF INFORMATION TECHNOLOGIES To ensure that they stay competitive and in order to expand their activity, businesses today know it is in their best interests to open up more channels
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationOrganizations Continue to Rely on Outdated Technologies, When Advanced Threats a Reality
NETWORK SECURITY SURVEY RESULTS Is Network Access Putting You at Risk? Organizations Continue to Rely on Outdated Technologies, When Advanced Threats a Reality Introductions Given the proliferation of
More informationS E C U R I T Y A S S E S S M E N T : B o m g a r A p p l i a n c e s
S E C U R I T Y A S S E S S M E N T : B o m g a r A p p l i a n c e s During the period between November 2012 and March 2013, Symantec Consulting Services partnered with Bomgar to assess the security
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationProven LANDesk Solutions
LANDesk Solutions Descriptions Proven LANDesk Solutions IT departments face pressure to reduce costs, reduce risk, and increase productivity in the midst of growing IT complexity. More than 4,300 organizations
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationWhitepaper. Securing Visitor Access through Network Access Control Technology
Securing Visitor Access through Contents Introduction 3 The ForeScout Solution for Securing Visitor Access 4 Implementing Security Policies for Visitor Access 4 Providing Secure Visitor Access How it works.
More informationNetwork Access Control in Virtual Environments. Technical Note
Contents Security Considerations in.... 3 Addressing Virtualization Security Challenges using NAC and Endpoint Compliance... 3 Visibility and Profiling of VMs.... 4 Identification of Rogue or Unapproved
More informationWICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise
WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise WICKSoft Corporation http://www.wicksoft.com Copyright WICKSoft 2007. WICKSoft Mobile Documents
More informationSecuring Endpoints without a Security Expert
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series
More informationSTRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
More informationSecuring Remote Vendor Access with Privileged Account Security
Securing Remote Vendor Access with Privileged Account Security Table of Contents Introduction to privileged remote third-party access 3 Do you know who your remote vendors are? 3 The risk: unmanaged credentials
More informationHow To Secure Your System From Cyber Attacks
TM DeltaV Cyber Security Solutions A Guide to Securing Your Process A long history of cyber security In pioneering the use of commercial off-the-shelf technology in process control, the DeltaV digital
More informationEasy and secure application access from anywhere
Easy and secure application access from anywhere Citrix is the leading secure access solution for applications and desktops HDX SmartAccess Delivers simple and seamless secure access anywhere Data security
More informationCNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions
CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions The objective of Implementing Citrix NetScaler 10.5 for App and Desktop Solutions is to provide the foundational concepts and skills
More informationAchieving PCI Compliance Using F5 Products
Achieving PCI Compliance Using F5 Products Overview In April 2000, Visa launched its Cardholder Information Security Program (CISP) -- a set of mandates designed to protect its cardholders from identity
More informationRemote Vendor Monitoring
` Remote Vendor Monitoring How to Record All Remote Access (via SSL VPN Gateway Sessions) An ObserveIT Whitepaper Daniel Petri March 2008 Copyright 2008 ObserveIT Ltd. 2 Table of Contents Executive Summary...
More informationHow To Secure An Rsa Authentication Agent
RSA Authentication Agents Security Best Practices Guide Version 3 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks RSA,
More informationHow To Protect A Virtual Desktop From Attack
Endpoint Security: Become Aware of Virtual Desktop Infrastructures! An Ogren Group Special Report May 2011 Executive Summary Virtual desktops infrastructures, VDI, present IT with the unique opportunity
More informationSecuring Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits
A Clear View of Challenges, Solutions and Business Benefits Introduction Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationHow NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements
How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards
More informationIndustrial Security Solutions
Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats
More informationWHITEPAPER. Addressing Them with Adaptive Network Security. Executive Summary... An Evolving Network Environment... 2. Adaptive Network Security...
WHITEPAPER Top 4 Network Security Challenges in Healthcare Addressing Them with Adaptive Network Security Executive Summary... 1 Top 4 Network Security Challenges Addressing Security Challenges with Adaptive
More informationMeeting the Challenges of Virtualization Security
Meeting the Challenges of Virtualization Security Coordinate Security. Server Defense for Virtual Machines A Trend Micro White Paper August 2009 I. INTRODUCTION Virtualization enables your organization
More informationBeyond the Hype: Advanced Persistent Threats
Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,
More informationFamily Datasheet AEP Series A
Trusted Security Everywhere Family Datasheet AEP Series A Covering: Hardware Edition Virtual Edition Load Balancer AEP Networks, Inc. All rights reserved. Secure Application Access 2500. 4500. 6500. 8500
More informationTechnology Blueprint. Secure Your Virtual Desktop Infrastructure. Optimize your virtual desktop infrastructure for performance and protection
Technology Blueprint Secure Your Virtual Desktop Infrastructure Optimize your virtual desktop infrastructure for performance and protection LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL
More informationHow To Protect Your Data From Being Hacked
Data Security and the Cloud TABLE OF CONTENTS DATA SECURITY AND THE CLOUD EXECUTIVE SUMMARY PAGE 3 CHAPTER 1 CHAPTER 2 CHAPTER 3 CHAPTER 4 CHAPTER 5 PAGE 4 PAGE 5 PAGE 6 PAGE 8 PAGE 9 DATA SECURITY: HOW
More informationEnterprise Security Platform for Government
Enterprise Security Platform for Government Today s Cybersecurity Challenges in Government Governments are seeking greater efficiency and lower costs, adopting Shared Services models, consolidating data
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationCOORDINATED THREAT CONTROL
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
More informationProtecting systems and patient privacy
Protecting systems and patient privacy Philips Remote Services Security Remote services deliver the benefi ts of faster, easier problem resolution and less system downtime during troubleshooting and clinical
More informationCertified PCI Compliant and Still Breached. 4 Cornerstones of Securing Payment Card Data
Certified PCI Compliant and Still Breached Cornerstones of Securing Payment Card Data Table of Contents Executive Summary The Challenges of Payment Card Security in 201 and Beyond Cornerstones of Securing
More informationSECURING YOUR SMALL BUSINESS. Principles of information security and risk management
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationSophistication of attacks will keep improving, especially APT and zero-day exploits
FAQ Isla Q&A General What is Isla? Isla is an innovative, enterprise-class web malware isolation system that prevents all browser-borne malware from penetrating corporate networks and infecting endpoint
More informationSECURE ACCESS TO THE VIRTUAL DATA CENTER
SOLUTION BRIEF SECURE ACCESS TO THE VIRTUAL DATA CENTER Ensure that Remote Users Can Securely Access the Virtual Data Center s Virtual Desktops and Other Resources Challenge VDI is driving a unique need
More informationBest Practices for DanPac Express Cyber Security
March 2015 - Page 1 Best Practices for This whitepaper describes best practices that will help you maintain a cyber-secure DanPac Express system. www.daniel.com March 2015 - Page 2 Table of Content 1 Introduction
More informationSSL VPN A look at UCD through the tunnel
SSL VPN A look at UCD through the tunnel Background Why? Who is it for? Stakeholders IET Library Schools and Colleges Key Requirements Integrate with existing authentication Flexible security groups within
More informationDriving Company Security is Challenging. Centralized Management Makes it Simple.
Driving Company Security is Challenging. Centralized Management Makes it Simple. Overview - P3 Security Threats, Downtime and High Costs - P3 Threats to Company Security and Profitability - P4 A Revolutionary
More informationTech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks
Tech Brief Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks Introduction In today s era of increasing mobile computing, one of the greatest challenges
More informationEffective End-to-End Cloud Security
Effective End-to-End Cloud Security Securing Your Journey to the Cloud Trend Micro SecureCloud A Trend Micro & VMware White Paper August 2011 I. EXECUTIVE SUMMARY This is the first paper of a series of
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches easily Allows only white-listed applications in workstations to run Provides virus protection for Ovation Windows stations Aggregates,
More informationHow To Buy Nitro Security
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
More informationHow To Protect Your Cloud From Attack
A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to
More informationAppalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2
Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning
More information"Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary
Course Summary Description The objective of this course is to provide the foundational concepts and teach the skills necessary to implement, configure, secure and monitor a Citrix NetScaler system with
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationHoneywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
More informationDMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch
DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)
More informationWHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks
WHITE PAPER The Need for Wireless Intrusion Prevention in Retail Networks The Need for Wireless Intrusion Prevention in Retail Networks Firewalls and VPNs are well-established perimeter security solutions.
More informationS E C U R I T Y A S S E S S M E N T : B o m g a r B o x T M. Bomgar. Product Penetration Test. September 2010
S E C U R I T Y A S S E S S M E N T : B o m g a r B o x T M Bomgar Product Penetration Test September 2010 Table of Contents Introduction... 1 Executive Summary... 1 Bomgar Application Environment Overview...
More informationWhy SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?
SaaS vs. COTS Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)? Unlike COTS solutions, SIMCO s CERDAAC is software that is offered as a service (SaaS). This offers several
More informationInspection of Encrypted HTTPS Traffic
Technical Note Inspection of Encrypted HTTPS Traffic StoneGate version 5.0 SSL/TLS Inspection T e c h n i c a l N o t e I n s p e c t i o n o f E n c r y p t e d H T T P S T r a f f i c 1 Table of Contents
More informationHow Reflection Software Facilitates PCI DSS Compliance
Reflection How Reflection Software Facilitates PCI DSS Compliance How Reflection Software Facilitates PCI DSS Compliance How Reflection Software Facilitates PCI DSS Compliance In 2004, the major credit
More informationIBM Managed Security Services Vulnerability Scanning:
IBM Managed Security Services August 2005 IBM Managed Security Services Vulnerability Scanning: Understanding the methodology and risks Jerry Neely Network Security Analyst, IBM Global Services Page 2
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations
More informationUsing the AppGate Network Segmentation Server TO ACHIEVE PCI COMPLIANCE
Using the AppGate Network Segmentation Server TO ACHIEVE PCI COMPLIANCE Version 2.0 January 2013 Jamie Bodley-Scott Cryptzone 2012 www.cryptzone.com Page 1 of 12 Contents Preface... 3 PCI DSS - Overview
More informationFISMA / NIST 800-53 REVISION 3 COMPLIANCE
Mandated by the Federal Information Security Management Act (FISMA) of 2002, the National Institute of Standards and Technology (NIST) created special publication 800-53 to provide guidelines on security
More informationMOBILITY & INTERCONNECTIVITY. Features SECURITY OF INFORMATION TECHNOLOGIES
MOBILITY & INTERCONNECTIVITY Features SECURITY OF INFORMATION TECHNOLOGIES Frequent changes to the structure of enterprise workforces mean that many are moving away from the traditional model of a single
More informationManaging for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud
Deploying and Managing Private Clouds The Essentials Series Managing for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud sponsored by Managing for the Long Term: Keys to
More informationEnterprise Security with mobilecho
Enterprise Security with mobilecho Enterprise Security from the Ground Up When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come
More informationHow To Achieve Pca Compliance With Redhat Enterprise Linux
Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving
More informationTrend Micro Cloud Security for Citrix CloudPlatform
Trend Micro Cloud Security for Citrix CloudPlatform Proven Security Solutions for Public, Private and Hybrid Clouds 2 Trend Micro Provides Security for Citrix CloudPlatform Organizations today are embracing
More informationCisco Virtualization Experience Infrastructure: Secure the Virtual Desktop
White Paper Cisco Virtualization Experience Infrastructure: Secure the Virtual Desktop What You Will Learn Cisco Virtualization Experience Infrastructure (VXI) delivers a service-optimized desktop virtualization
More informationMicrosoft and Citrix: Joint Virtual Desktop Infrastructure (VDI) Offering
Microsoft and Citrix: Joint Virtual Desktop Infrastructure (VDI) Offering Architectural Guidance July 2009 The information contained in this document represents the current view of Microsoft Corporation
More informationCitrix XenApp Manager 1.0. Administrator s Guide. For Windows 8/RT. Published 10 December 2012. Edition 1.0.1
Citrix XenApp Manager 1.0 For Windows 8/RT Administrator s Guide Published 10 December 2012 Edition 1.0.1 Citrix XenApp Manager for Windows 8/RT Administrator s Guide Copyright 2012 Citrix Systems. Inc.
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationARCHITECT S GUIDE: Comply to Connect Using TNC Technology
ARCHITECT S GUIDE: Comply to Connect Using TNC Technology August 2012 Trusted Computing Group 3855 SW 153rd Drive Beaverton, OR 97006 Tel (503) 619-0562 Fax (503) 644-6708 admin@trustedcomputinggroup.org
More informationAddressing BYOD Challenges with ForeScout and Motorola Solutions
Solution Brief Addressing BYOD Challenges with ForeScout and Motorola Solutions Highlights Automated onboarding Full automation for discovering, profiling, and onboarding devices onto both wired and wireless
More informationWhen enterprise mobility strategies are discussed, security is usually one of the first topics
Acronis 2002-2014 Introduction When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come as no surprise that Acronis Access Advanced
More informationIntroduction to Endpoint Security
Chapter Introduction to Endpoint Security 1 This chapter provides an overview of Endpoint Security features and concepts. Planning security policies is covered based on enterprise requirements and user
More informationWindows Remote Access
Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by
More informationA HELPING HAND TO PROTECT YOUR REPUTATION
OVERVIEW SECURITY SOLUTIONS A HELPING HAND TO PROTECT YOUR REPUTATION CONTENTS INFORMATION SECURITY MATTERS 01 TAKE NOTE! 02 LAYERS OF PROTECTION 04 ON GUARD WITH OPTUS 05 THREE STEPS TO SECURITY PROTECTION
More informationThe Education Fellowship Finance Centralisation IT Security Strategy
The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and
More informationWhite paper. Microsoft and Citrix VDI: Virtual desktop implementation scenarios
White paper Microsoft and Citrix VDI: Virtual desktop implementation scenarios Table of contents Objective Microsoft VDI offering components High definition user experience...3 A very cost-effective and
More informationThe Business Case for Security Information Management
The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un
More informationEndpoint protection for physical and virtual desktops
datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become
More informationNominee: Barracuda Networks
Nominee: Barracuda Networks Nomination title: Barracuda Next Generation Firewall The Barracuda NG (Next Generation) Firewall is much more than a traditional firewall. It is designed to protect network
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More information#ITtrends #ITTRENDS SYMANTEC VISION 2012 1
#ITtrends 1 Strategies for Security and Management in a Mobile and Virtual World Anil Chakravarthy Senior Vice President, Enterprise Security Group 2 MASSIVE INCREASE IN SOPHISTICATED ATTACKS 403 million
More informationSecurely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.
Securely Architecting the Internal Cloud Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Building the Internal Cloud Virtualization is the Key How Virtualization Affects
More informationEnterprise Desktop Solutions: VMware View 4.5
C H E A T S H E E T Enterprise Desktop Solutions: What is VMware View? VMware View 4.5 is the leading desktop virtualization solution, built for delivering desktops as a managed service from the platform
More informationIntroduction to Cyber Security / Information Security
Introduction to Cyber Security / Information Security Syllabus for Introduction to Cyber Security / Information Security program * for students of University of Pune is given below. The program will be
More informationWhite Paper. BD Assurity Linc Software Security. Overview
Contents 1 Overview 2 System Architecture 3 Network Settings 4 Security Configurations 5 Data Privacy and Security Measures 6 Security Recommendations Overview This white paper provides information about
More informationSecure Virtualization in the Federal Government
White Paper Secure Virtualization in the Federal Government Achieve efficiency while managing risk Table of Contents Ready, Fire, Aim? 3 McAfee Solutions for Virtualization 4 Securing virtual servers in
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More information74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
More informationHigh Availability for Citrix XenApp
WHITE PAPER Citrix XenApp High Availability for Citrix XenApp Enhancing XenApp Availability with NetScaler Reference Architecture www.citrix.com Contents Contents... 2 Introduction... 3 Desktop Availability...
More informationSeven Things To Consider When Evaluating Privileged Account Security Solutions
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
More informationESET Security Solutions for Your Business
ESET Security Solutions for Your Business It Is Our Business Protecting Yours For over 20 years, companies large and small have relied on ESET to safeguard their mission-critical infrastructure and keep
More informationDefending Against Cyber Attacks with SessionLevel Network Security
Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive
More informationFranchise Data Compromise Trends and Cardholder. December, 2010
Franchise Data Compromise Trends and Cardholder Security Best Practices December, 2010 Franchise Data Security Agenda Cardholder Data Compromise Overview Breach Commonalities Hacking Techniques Franchisee
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More information