by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : March 2013
firewall deployment. Appropriate device-level access control lists ensure that only authorized applications and virtual desktops can gain access to secure server resources. In contrast, distributed desktop environments access resources from a broadly distributed range of network locations. Centralized solutions share a common IP address range, making access control lists easy to manage and vastly simplifying segmentation of network traffic types to only the appropriate range of IP addresses. Today's more distributed client virtualization solutions --- those that might support a highly mobile workforce --- adopt a layered security approach based on granular role-based access control and full-disk AES 256-bit encryption to secure data on the client hard drive. In the event that a device is lost or stolen, or even if a device does not reconnect to the network after a predefined time, remote access revocation and remote lock/wipe capabilities can be used to secure or destroy all data. e IT group can employ additional measures, including built-in antivirus scanning, to monitor for keylogging or screen scraping software, as well as tamper protection to secure data if an attempt is made to directly copy or edit a virtual disk. When it comes to client virtualization, regardless of the level of security offered by individual products, IT departments should follow an appropriate layered- security model. All computers must be kept up to date with security patches and effective antivirus software, but staff should also enforce appropriate physical controls. With client virtualization, the benefits of a single, central point of control --- regardless of endpoint location --- can simplify the implementation and maintenance of effective security controls. CDWG.com | 800.808.4239 FIVE TIPS FOR SECURING VIRTUAL CLIENTS Deploy a multilayered approach to protect these endpoints. If implemented well, client virtualization has the potential to signi cantly improve enterprise security. But if implemented poorly, it can weaken an organization's overall data security. As always, organizations should adopt a multilayered approach to security. With that in mind, heed the following tips to protect virtual clients: Ensure that the network takes the virtual desktop into consideration. Place all virtual desktops on dedicated subnets. Provide appropriate network segmentation by implementing firewalls to limit desktop communication to required subnets and over well-known ports. 1 Disable virtual desktop administrative privileges. If admin privileges are available on the desktop, this greatly increases the likelihood of a security breach. Instead, consider offering self-service installation from an application catalog that hosts preapproved applications that have been configured to minimize security risks. 2 Prevent data leakage. In virtual desktop infrastructure (VDI) environments where endpoints are insecure, control the redirection and mapping of local host hard drives and disable access to USB flash drives to prevent data from being copied to the endpoint. When necessary, also consider disabling clipboard functionality. Where data portability is required, ensure local hard drives are encrypted and permit access only to specifically approved USB drives with hardware- or software-based encryption, such as that offered by IronKey. Look to client computing systems that offer highly granular USB device access controls. 3 Use antimalware products designed speci cally for virtual environments. Deploying antivirus/antimalware to virtual clients can impede performance, so choose tools designed specifically for VDI whenever possible. ese systems are implemented as hardened virtual appliances running on the hypervisor rather than as services running on each individual virtual client. is approach prevents antivirus storms caused by multiple desktops attempting to perform scans at the same time. A centralized model ensures that antivirus signatures can be kept up to date at all times without requiring IT staff to manage individual desktop signatures. 4 Consider the user experience. Poorly designed and inadequately specified client computing environments will encourage users to bypass security controls and adopt unauthorized technology to get the job done. A well-designed system should maintain security without impeding productivity. 5 Above all, when it comes to virtualized client security, it's important to understand that VDI is not a magic bullet. Vendor best practices for managing security on physical desktops should be considered a baseline for virtual desktop environments.