Security

6. Deploying USB Devices in a Secure Horizon 7 Environment
USB devices can be vulnerable to a security threat called BadUSB, in which the firmware on some USB
devices can be hijacked and replaced with malware. For example, a device can be made to redirect
network traffic or to emulate a keyboard and capture keystrokes. You can configure the USB redirection
feature to protect your Horizon 7 deployment against this security vulnerability.
By disabling USB redirection, you can prevent any USB devices from being redirected to your users'
Horizon 7 desktops and applications. Alternatively, you can disable redirection of specific USB devices,
allowing users to have access only to specific devices on their desktops and applications.
The decision whether to take these steps depends on the security requirements in your organization.
These steps are not mandatory. You can install USB redirection and leave the feature enabled for all USB
devices in your Horizon 7 deployment. At a minimum, consider seriously the extent to which your
organization should try to limit its exposure to this security vulnerability.
This section includes the following topics:
• Disabling USB Redirection for All Types of Devices
• Disabling USB Redirection for Specific Devices
Disabling USB Redirection for All Types of Devices
Some highly secure environments require you to prevent all USB devices that users might have
connected to their client devices from being redirected to their remote desktops and applications. You can
disable USB redirection for all desktop pools, for specific desktop pools, or for specific users in a desktop
pool.
Use any of the following strategies, as appropriate for your situation:
• When you install Horizon Agent on a desktop image or RDS host, deselect the USB redirection
  setup option. (The option is deselected by default.) This approach prevents access to USB devices
  on all remote desktops and applications that are deployed from the desktop image or RDS host.
• In Horizon Administrator, edit the USB access policy for a specific pool to either deny or allow
  access. With this approach, you do not have to change the desktop image and can control access to
  USB devices in specific desktop and application pools.
  Only the global USB access policy is available for RDS desktop and application pools. You cannot
  set this policy for individual RDS desktop or application pools.
VMware, Inc.