Today, access to the Internet is to prevent in nearly any working environment a fundamental requirement. But for enterprise IT, this presents a problem.
More than one million new malware threats are triggered every day. Firewalling, content scanning, antivirus, intrusion detection, URL safe lists and regular software patching you can help the risk of attack to alleviate. But as new threats appear, it may take some time before software vendors become aware they exist. So you can never guarantee 100% protection.
Similarly search engines have the same problem, new malware detection, that is, they do not keep pace with the number of unsafe websites. And it's only a matter of time before an employee visits a site that could damage or potentially spy on your company's IT infrastructure.
So what is the solution?
When your users search in a company on the Internet on a Citrix XenApp / XenDesktop environment, then you have main options three a separate secure access to the Internet for the implementation of
option 1 :. Virtual Browsing through an insulated Citrix environment
to tighten security, create a separate XenApp / XenDesktop environment within a DMZ, which serves for access outside your internal network as a dedicated Internet browsing Farm , In this way, the entire external world is running out of the reach of the enterprise network, so malicious code can not be executed internally.
This solution numerous benefits, such as central administration your offers security and a contained environment , the malware infections from your core systems isolated. It also gives you room for stricter firewall rules as you need open ports less. And you may want to restrict browser functionality, can because you no longer need certain functions for the execution of internal business applications
Option 2 :. Browsing feature on individual endpoints
Alternatively you can implement a secure browsing environment locally at each individual workstation. If users have access to a powerful machine and network, this option may be the best in terms of Power . Also, if you properly segment LAN, you can be able to malware infections only a small part of the internal network, thereby avoiding wider infection in your data center.
On the other hand, this option [is decentralized control your safety, making it difficult and time consuming to maintain especially if your endpoints different operating systems and technologies. It also increases the Attack Service , because there are multiple endpoints compared to a centralized system
protect option. 3 Dedicated Internet-only workstations
This may be the safest option, even more so when these machines are physically disconnected from the rest of your LAN. But laying on separate machines purely for Internet access will require both additional office space and additional costs.
Not only that, but it could also hurt productivity. If employees need to surf the Internet, they have every time to log on to another machine and must also wait while someone else might use.
How to use Citrix as an additional layer between the workstation and the external Internet connection.
Each option its pros and cons clearly that you can read in detail in our comprehensive guide. But if you opt for a quick summary about the logistics of Citrix browsing farm solution then the following are the main points that you need to consider
Find the challenges in the isolation of Internet surfing of internal core data and applications .:
- to a secure browsing farm with optimal user experience structure, based on XenApp / XenDesktop.
- Browsing Farm Sizing
- Browsing Farm hardening (both browser and server)
- Transparent user experience (holding cookies, favorites, history, etc.)
- Flash blocker for maximum performance and safety (not always possible)
- Enabling file downloads and delivery
- monitor and optimize the company's browsing activity
- anonymous corporate Browsing enable user information leak
- SSO (Single Sign on) support to prevent
- Safe surfing on a website.
- compliance with regulatory requirements.
- Minimal effort required the organization Browsing implement policy.
- to use as a transparent / easy for the end user as possible.
Citrix Secure Browsing Solution Overview
a DMZ Citrix Internet browsing Farm for surfing outside the corporate network, a number of business organizations that the ultimate way Malware defeat was web surfing isolate. Consequently, these organizations a separate XenApp / XenDesktop environment built on its DMZ to safely access the Internet.
is carried out in this way all external content outside the corporate network, so that malicious code can not be executed internally. The only traffic your network from the DMZ is input screen updates, printing or clipboard items. The last two can be disabled or configured to reduce the risk of harmful content that can damage internal desktops, cause privacy breaches of desktops, internal applications, databases and sensitive data.
By visiting traffic in a Citrix environment to isolate in the DMZ, you get the best of both worlds:
- A central area is the easiest to secure and manage
- separation :. Each may contain malware infection on the DMZ, where your core business applications not occur. Read the full guide
About SmartX Safe Browsing
SmartXSB acts as a Web proxy between business users and the virtual IT environment. It can be carried out either internally or in the cloud. SmartXSB controls and isolated each execution web content an advanced rules engine. The rules engine determines where web content is performed anonymously and the browser being used, based on user rights, the situation and the desired Web page. www.smartxsb.com
The Citrix Ready Partner SmartX with Citrix has been working for Secure Browsing create enabling secured for the company's end-user by surfing outside of the corporate network surfing the Internet while the best user experience on virtualized warranty Surroundings. Read more about Smart-X Professional Services Ltd on the Citrix Ready marketplace
About the Citrix Ready Program:
Citrix Ready identifies recommended solutions that enhance the Citrix Delivery Center infrastructure, are trustworthy. have marked all products in Citrix Ready verification testing completed, so that confidence in joint solution compatibility. Based on its industry leading alliances and partner eco-system, Citrix Ready presents select trusted solutions designed to meet a variety of business needs. Citrix Ready not only demonstrates current mutual product compatibility, but through continued industry relationships also ensures future interoperability. Explore the Citrix Ready marketplace.
0 Komentar