Secure Your Virtual Desktops

Credit to: Junichi Atsumi
Security Team, 1st Applied Technology Department, Business Promotion Division - Net One Systems Japan

COVID-19 has drawn attention across all industries to a shift in which working from home is the new way to work, and the ICT technology behind it is “Virtual Desktop Infrastructure” (VDI).

By providing VDI solutions and DaaS services, Net One is contributing to Work Style Innovation by promoting VDI and other solutions.

Why is VDI so popular from the security aspect? 

The reason is that you can enjoy the following benefits. 

Information security countermeasures are already being put in place, such as separating the Internet connection from the business system environment and automating the isolation of possible malware. However, the environment could still be rendered helpless against a targeted attack, and it will be impossible to retrieve any confidential information inside any PCs, laptops or business units.
 
As a result, many local government authorities have introduced VDI into the organization, in order to create a stronger security defense.

What are the VDI challenges? 

VDI is a modern technology that is expected to promote telecommuting.

VDI is used in various environments, such as via the Internet and on closed networks, but security must be considered because some employees will be accessing the network remotely from potentially insecure connections.

Therefore, properly implementing the right authentication process, which is part of the measures against unauthorized access, allows VDI to enhance the efficiency and performance of telecommuting employees, in addition to strengthening security in the centralized deployment location.

What is “authentication”? How will it enhance VDI? 

VDI is also based on password authentication (to determine if the person is an employee or not). In a VDI environment that can be accessed via the Internet, additional authentication (multi-factor authentication) should be considered on the assumption that “passwords could be compromised.” 

Multi-factor authentication is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence to an authentication mechanism, such as a password together with a smartphone fingerprint or face identification.

What is a recommended solution for VDI? 

Here, we will introduce VMware’s Horizon as an example of a VDI solution.

For Horizon, a server called “Unified Access Gateway” (UAG) that accepts VDI access from the Internet is placed in the “Demilitarized Zone” (DMZ). This UAG server is included in the Horizon license and runs a Linux OS with unnecessary services stopped, so you can safely place it in the DMZ.

VDI authentication is controlled via the UAG server. It supports multi-factor authentication such as a device for one-time passwords and security certificates, making it a reasonable solution that can strengthen authentication at a low cost.

When implementing multi-factor authentication using smartphones, biometric recognition, keycards, etc. through one-time password authentication or certificate authentication, a frequently asked question is, “How do we reduce the operational load?”

For example, in order to use one-time password authentication, one-time password products (servers) are required. Besides the system administrator end, the user side will also have to key in the issued one-time password each time. Potential hacking of the one-time password through the smartphone can also happen.

This leads to a safer method: leaving additional authentication (multi-factor authentication) to the cloud.

With push authentication, push notifications are delivered to smartphones. Authentication will be complete just by tapping the notification, so the load of keying a one-time password can be reduced. 

Net One Asia Workspace as a Service is an intelligence-driven digital workspace managed service platform that simply and securely delivers and manages any application and desktop on any device by integrating access control, application management, and multi-platform endpoint management.
