End-to-end security with XenApp and XenDesktop - a new white paper (with a puzzle) !
Big change happens when forces collide. In the world of cryptography, these forces are active today: new regulations, new threats and the technical innovation
For this reason, Transport Layer Security (TLS - the successor to SSL) much in the news of has been. last year. If your organization is covered by PCI DSS, you will already be in motion 1.2 TLS. Weaknesses were found in SSL and in early versions of TLS. The new version of TLS, TLS 1.3 is on the way - and beyond, according to quantum cryptography
Here are the main points .:
- Replace SSL TLS now . Although these protocols are similar, the difference is crucial safety. If possible, use TLS 1.2.
- TLS for internal communication, but selectively . Sensitive data travels via the internal network. You need to encrypt this traffic. But not everything encrypt -. It is a waste of resources and makes intrusion detection difficult
- Select cipher suites TLS wisely . TLS has a wide range of encryption options. Many of them are too weak, safe to use. You are in TLS 1.3 away, but now be careful to choose only 1.2 strong cipher with TLS.
- Know your security policies . If you have within PCI DSS and other regulatory framework, it provides guidance on the use of TLS. See Payment Card Industry and Citrix XenApp and XenDesktop deployment scenarios for specific guidelines.
- Feedback Citrix Security Guidance . In addition to the product documentation, see the technical white papers and related consultancy in security and compliance information, and the Business Backgrounders on security and compliance solutions.
- Consider UDP and TCP traffic . You can UDP traffic with DTLS as TCP encrypt with TLS. XenApp and XenDesktop already offer a better user experience Framehawk and advanced media streaming over UDP. If this traffic is sensitive to DTLS look encrypt.
- Let for TLS in the cloud and the Internet of Things . TLS is versatile: it works in the cloud and the Internet of Things. But it must also be used in multi-tenant environments with low-power devices carefully.
- Plan, but not rush ahead, . 1.2 TLS is to be a great place. TLS 1.3, when they are standardized several advantages, but not in typical situations. Post-quantum cryptography will be very important, but it is still experimental.
What post-quantum cryptography, you ask? "- Next Generation SSL ciphers and SYN232", along with more background on these key points, you can experienced in recorded Synergy session. We will also be presented in Las Vegas on August 3 by 2 Hat on this subject on the Black: 30-3: 15 in theater A - please contact us for this session to join and to stop at our booth if you Black Hat are [
and now there is a White Paper accompanied : end-to-end encryption with XenApp and XenDesktop that describes your technical capabilities, and where detailed product configuration guide to find. It includes used NetScaler Gateway as with XenApp and XenDesktop.
This paper took a while longer than to get published hoped (I thought it was wrapped on the fourth Saturday in April), but it was a lot of great feedback that it expanded and improved. Please leave us your feedback and questions.
And finally ... in accordance with cryptographic tradition, anywhere in the text of the White Paper, is a small puzzle. If you recognize the first, the reference, there is a small price. Send your answer and contact details for secure@citrix.com. Good luck!
0 Komentar