VPN serves to create a secure tunnel between an endpoint device and the company network allowing secure remote access to company network from an internet location. When granting VPN access, administrators need to carefully allow access permissions to required systems, allowing users only to access designated systems.
VDI (Virtual Desktop Infrastructure) generally transmit virtualized hosted desktop environments and/or business applications. VDI is device-agnostic and it doesn’t rely on the end-user hardware. If required, own dedicated Windows-based system can be provided to each user so that they can be customized. Each machine can be configurued to work independently of the others.
With VPN, the processing is done on the client machine whereas VDI processing is done at the server side. Further VDI can be configured to restrict data from leaving the corporate network. However with VPN, data can still be moved to client devices unless extra measures have not been configured to prevent such attempts.
Both VPN and VDI are used for gaining secure remote access. Even though VPN is more suitable for smaller businesses as it is cost-effective, easy to implement, and simple to use, Companies with the increased number of work from home users consider VDI as more effective in enabling WFH arrangements.
Thursday, January 27, 2022
Any vulnerabilities on using the windows 7?
January 27, 2022 / by Kushan Sharma / with No comments /
MS Windows 7 reached end of life by January 14, 2020. However Windows 7 Extended Security Updates (ESU) provides security updates for critical and important issues as defined by Microsoft Security Response Center (MSRC) for a maximum of three years from Jan 14, 2020. ESU is available only for Windows 7 Professional and Windows 7 Enterprise. Organizations can purchase ESU at any time during the three years that the offer is available (2020, 2021, and 2022).
If you have not purchased ESU, any Windows 7 PCs (Professional or Enterprise) will not receive security updates. Therefore with all these older version of operating systems unpatched security holes/vulnerabilities will be gradually accumulated within your IT infrastructure. It increases the overall security risks due to unpatched vulnerabilities leaving the environment more susceptible for security threats.
I recommend upgrading to Windows 10 or 11 whenever possible.
Reference:
[1] https://docs.microsoft.com/en-us/troubleshoot/windows-client/windows-7-eos-faq/windows-7-extended-security-updates-faq
Monday, January 3, 2022
Does telnet client represent a security?
January 03, 2022 / by Kushan Sharma / with No comments /
I always advice to disable telnet unless telnet use is absolutely necessary. Telnet sends authentication details (username and password) in clear text, allowing packet sniffers to read credentials. Further this can be used as a callout mechanism by malware.
Disabling the Telnet service will prevent logging into the server using valid account credentials.
Having a telnet client isn't a critical/high risk threat in itself, if you're using it within your local network. The less tools are left to the user, the less mistakes he can do with them.
The main usage of telnet client (Without enabling the server service) is to test network exchanges at low level. However this will be of no use for the general user and will only be required by the relevant administrators who wants to troubleshoot connectivity.
Simply the last assumption behind disabling the telnet client is that
a user who really needs it will certainly be able to enable it.