A Quick Tour of Ceedo Safe Browsing and Remote Access Protection.

Slides:

Advertisements

Similar presentations

© 2012 All rights reserved to Ceedo. Flexible Desktops. Dynamic Workplace. Ceedo for Call Center Call Center on a Stick Ceedo for Call Center Presentation.

Advertisements

© 2012 All rights reserved to Ceedo. Flexible Desktops. Dynamic Workplace. Ceedo Client Workspace Concept and Technology Overview Ceedo Client Workspace.

Dynamic Desktop Composition. Modular desktop composition at file-level What is Ceedo Desktop? A smart driver that intercepts and redirects R/W functions.

© 2011 All rights reserved to Ceedo. Ceedo - Flexible Computing Certificate-Based Authentication (CBA - 2FA) The organization MUST be able to positively.

© 2012 All rights reserved to Ceedo. Enhanced Mobility with Tighter Security.

© 2012 All rights reserved to Ceedo. Flexible Desktops. Dynamic Workplace. Ceedo for Citrix Optimal User Experience & Maximum IT Control Ceedo for Call.

© 2012 All rights reserved to Ceedo. Flexible Desktops. Dynamic Workplace. Ceedo Client Offerings For Service Providers Ceedo Client Workspace Virtualization.

Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.

Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.

Module 5: Configuring Access for Remote Clients and Networks.

Security Issues and Challenges in Cloud Computing

Understand Virtualized Clients Windows Operating System Fundamentals LESSON 2.4.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.

IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.

File sharing. Connect the two win 7 systems with LAN card Open the network.

Secure Remote Access to an Internal Web Server Christian Gilmore, David Kormann, and Aviel D. Rubin ATT Labs - Research “The security policy usually amounts.

Agenda Master Expert Associat e Microsoft Certified Solutions Master (MCSM) Microsoft Certified Solutions Expert (MCSE) Microsoft Certified Solutions.

4-1 PSe_4Konf.503 EAGLE Getting Started and Configuration.

Course 201 – Administration, Content Inspection and SSL VPN

Working with Applications Lesson 7. Objectives Administer Internet Explorer Secure Internet Explorer Configure Application Compatibility Configure Application.

Terminal Services in Windows Server ® 2008 Infrastructure Planning and Design.

Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.

Week #7 Objectives: Secure Windows 7 Desktop

Chapter 13 – Network Security

COMPREHENSIVE Windows Tutorial 5 Protecting Your Computer.

Copyright © 2011 EMC Corporation. All Rights Reserved. MODULE – 6 VIRTUALIZED DATA CENTER – DESKTOP AND APPLICATION 1.

MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # ) Chapter Four Windows Server 2008 Remote Desktop Services,

1 Introduction to Microsoft Windows 2000 Windows 2000 Overview Windows 2000 Architecture Overview Windows 2000 Directory Services Overview Logging On to.

1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.

IP Security IP sec IPsec is short for Internet Protocol Security. It was originally created as a part of IPv6, but has been retrofitted into IPv4. It.

Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.

Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.

Lesson 11: Configuring and Maintaining Network Security

Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?

November 19, 2008 CSC 682 Use of Virtualization to Thwart Malware Written by: Ryan Lehan Presented by: Ryan Lehan Directed By: Ryan Lehan Produced By:

Overview of Firewalls. Outline Objective Background Firewalls Software Firewall Hardware Firewall Demilitarized Zone (DMZ) Firewall Types Firewall Configuration.

Module 10: Windows Firewall and Caching Fundamentals.

Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.

W elcome to our Presentation. Presentation Topic Virus.

©2012 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. Securing Your Data in Endpoint and Mobile Environments Frank Suijten Security.

Windows Vista Configuration MCTS : Network Security.

CeedoDesktop Advanced Desktop Layering. What is CeedoDesktop A VDI enabler solution based on “layer virtualization” Integrates with and works on top of.

1 Network Security. 2 Security Services Confidentiality: protection of any information from being exposed to unintended entities. –Information content.

Network and Server Basics. Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server network.

A Quick Tour of Ceedo Deliver environments to un-managed PCs.

A Quick Tour of Ceedo Advanced Desktop Layering (for VDI and more…)

Windows Tutorial 5 Protecting Your Computer

ArcGIS for Server Security: Advanced

Chapter 6: Securing the Cloud

Contents Software components All users in one location:

Microsoft Windows NT 4.0 Authentication Protocols

Do you know who your employees are sharing their credentials with

Windows Server 2016 Secure IaaS Microsoft Build /1/2018 4:00 AM

Best practices to secure Windows 10 with already included features

Jon Peppler, Menlo Security Channels

Lesson #8 MCTS Cert Guide Microsoft Windows 7, Configuring Chapter 8 Configuring Applications and Internet Explorer.

Call AVG Antivirus Support | Fix Your PC

Download dumps - Microsoft Real Exam Questions Dumps4download

Unit 27: Network Operating Systems

Utilize Group Policy Terminal Server Settings

Intercept X for Server Early Access Program Sophos Tester

Information Security Session October 24, 2005

Flexible Computing For Dynamic Desktops

Implementing Client Security on Windows 2000 and Windows XP Level 150

Bethesda Cybersecurity Club

Azure Container Service

Provide secure environment for online assessment with Moodle – POC.

Windows 10 An Operating System

Presentation transcript:

A Quick Tour of Ceedo Safe Browsing and Remote Access Protection

(contractors, offshore, BYOC) When connecting to or from unsafe locations, the end-point\data center is exposed. Organizational Resources Data theft Machine hijacking Ransomware (Cryptolocker) Compromised infrastructure Privacy (session leftovers) etc. Corporate Desktop Unmanaged PC (contractors, offshore, BYOC)

Conceptually… If you could some how create a barrier – an abstraction layer – in the PC stack, you could: Applications Hard Disk Another HDD Operating System Desktop Environment Applications Desktop Environment Operating System Hard Disk Defend the OS and Apps

Abstraction Layer = Virtualization

Ceedo’s virtualization engines - overview Disk virtualization Ceedo has an internal VHD-based virtual disk-mounting system Disks are mounted through internal OS<->disk interface Disks can be mounted with no mount point and into RAM Create child disks, merge disks, etc. Hard Disk Operating System Desktop Environment Applications VHD Process virtualization Process-centric isolation Every operation a specified process tries to execute is manipulated and redirected Virtualization is inherited by child processes For instance, if a virtualized browser opens PDF Reader, the PDF reader will be virtualized too Hard Disk VHD Operating System Desktop Environment Applications

How do we isolate windows components? Think of regular firewalls: Internet\network firewalls allow companies to decide which applications can have incoming or outgoing connections to the network depending on rules Now think of PCs: Our Kernel Firewall allows companies to decide which applications can have access to the OS and other apps! Completely isolating apps depending on rules

Remote Access Protection and Safe Browsing Hard Disk VHD Operating System Desktop Environment Applications Remote Access Protection and Safe Browsing connecting to or from unsafe locations

Isolation – from the inside out Traditional anti malware solutions are mostly based on signature recognition and heuristics. This means that if the attack vector is new or smart enough – you are exposed. Isolation protects the machine by blocking any untrusted software or infected web pages from touching the machine (MITM/MITB). Window title 3/14/2011 3:00PM

Isolation – from the outside in Traditional remote computing relay mostly on communication-centric measures (tunnels, 2FA, etc.). But if the client is compromised, nothing is secure. Isolation prevents the compromised machine from accessing any data generated during a remote session. Window title 3/14/2011 3:00PM

Ceedo’s extra security and privacy tools Nothing is written to the machine and all generated data can be removed entirely at the end of the session. To add an extra layer of protection, the “bubble” runs from a hidden location stored inside an encrypted container. And to seal the environment we also deal with environment permissions (AC), process enforcement, and more…

What we do – in process isolation context Run isolated applications (installed to the host or encapsulated) Protected from the client and protecting the client Leave zero-footprint and/or keep data encrypted Remove all session data after shutdown, or store it in encrypted containers Allowing safe browsing and secure computing To and from unsecure locations keeping privacy and safety

How we do it Isolate processes by redirecting all R/W functions For instance: app writes document to C:\, we divert it to X:\ Capture all R/W data in a hidden disposable VHD volume Optional load VHD as RAM-disk and/or with zero-mount point Leverage native NTFS permissions (AC) Launch processes with “Run-As” using separate user account

Components in process isolation context VHD based isolated environment (optional: with encapsulated applications) Application launcher (host/encapsulated) Kernel “firewall” – intercept and divert R/W operations form virtualized processes Virtual user with separate elevation and NTFS security configurations. Kernel functions “firewall”

Components in process isolation context VHDs and data can be stored inside encrypted containers locked to a specific machine. Environment can force processes to terminate based on MD5 and Certificate Thumbnail (black\whitelist) All components undergo integrity check to protect against tampering Remote wipe\deactivation Kernel functions “firewall”

Thank You www.ceedo.com