Presented by John Whaley, Anna Bogatch, and Geoffrey Thomas
Many organizations have implemented VDI as a solution to desktop manageability and security concerns, believing that running desktops on a central server will improve security. However, VDI encourages end users to access their secure desktops from uncontrolled and unsecured clients. In this session, we will demonstrate an actual attack that works on all major VDI products whereby an infected endpoint can remotely compromise a VDI instance upon initial authentication, completely unbeknownst to the user. We will also discuss techniques to guard against these types of attacks.
• The security properties of VDI offerings from major VDI vendors
• Real and theoretical attacks against VDI
• A methodology for evaluating the security of a VDI solution
• Best practices for securing VDI