Back From Boston – BriForum in the Rear View…
John Whaley reports back from BriForum
I returned to BriForum last week and as usual, it was a lot of fun catching up with the usual suspects who typically frequent this August event as well as meeting some fresh new faces. I liked the new venue in Boston much better than the previous Chicago venue(s). It’s 15 minutes away from the airport via the Silver Line, as compared to 1+ hours from Chicago O’Hare.
During the keynote Brian developed the BriForum mobile app, with support for all smartphone types:
https://twitter.com/brianmadden/status/491212437173968898
Best. Mobile. App. Ever. You don’t even need to install anything!
We had a lot of people come by the Moka5 booth. Most knew about Moka5 already and were asking what was new in our product. The most popular new feature was the extreme scalability of our recent Vanguard release (14,000 endpoint devices per server). That truly underscores the architecture advantage of the Moka5 solution as compared to server-side VDI solutions. We aren’t done yet - there are still more optimizations we will make so as to double that number again.
Our technical session, “Virtual Datacenter Infection: Attacking VDI from the Endpoint” made a big splash.
http://www.slideshare.net/joewhaley/bri-forum-attackingvdi-37371133
People love the live demos:
- A user connected to a VDI session and the target machine was instantly rooted and a reverse shell was opened to a random machine on the Internet, completely unbeknownst to the user.
- I demoed stealing the password database out of a locked-down VDI instance via automatically displaying and parsing QR codes.
- I captured a packet trace from my VDI session and used the timing of the network packets to determine the keystrokes that were entered in the “secure” VDI session.
VDI vendors pretend that running the desktop in the datacenter is more secure than running it on the endpoint device. But these kinds of security flaws are inherent in the VDI architecture when you connect from an unsecured endpoint device into the virtual machine in the datacenter. Simply said, better management means better security. To the extent that VDI makes management easier, it can allow you to improve security. But there are many solutions (including Moka5) that allow you to simply improve management without the cost, complexity, or limitations of VDI.
For the rest of the show, a lot of people (including VMware and Citrix employees) talked about this class of attacks and how to protect against them. People still seemed incredulous that such attacks are possible, even though I demonstrated how trivial they are during the session. I also published the tool we used during the presentation on GitHub: https://github.com/joewhaley/VirtualRubberDucky
A number of attendees already tried it out and contacted me about their results. The truth is the solutions being pushed by VDI vendors are way behind in this area. At Moka5, we have had to deal with client security questions from day one, because the workspace is running on the endpoint device. VDI solutions have mostly sidestepped this issue because they just say “It’s running in the datacenter. It must be more secure!”
I think our BriForum session went a long way in debunking the VDI security myth. These claims have gone unchecked for too long - but there is still a long way to go. Even this week, Citrix published a new whitepaper reiterating the same falsehoods about VDI and security. Clearly they missed our BriForum session that had already debunked every claim they made in that whitepaper :-). If you agree that it’s time for VDI vendors to get serious about security – tell them! After all – you’re the one who gets nailed when their stuff breaks down.
Check out our datasheets section if you want more security-related goodness!