Archive for March, 2009


Like many IT guys, my first job was desktop support, where my days consisted of dealing with computer malfunctions. The company I worked for had mainly identical desktops for each department, which were delivered in batches and then had Ghost images applied. However, there were always one or two which wouldn’t accept the image or randomly decided not to work properly. I remember at the time thinking it seemed crazy to put in place so many computers that can individually go wrong, when systems like mainframes, which employ a terminal topology, are being made redundant.

I’m clearly not the only person to have thought this, and the trend for thin client services, and now cloud computing, has grown in popularity (I’m going to look at cloud computing in my next blog).

Over the last 5 years, I’ve seen this technology really mature, and the speed of connections improve so much, that when we put together the new service offering from Vigilante Bespoke (VB), I decided to have a serious look at whether we could offer a secure desktop environment for our clients, and to thoroughly review the pros and cons of doing this.

VB offers tailored security solutions for people who fall outside the usual corporate structure but deal with important and valuable information, such as celebrities, authors, and current and previous politicians. The idea of the virtual desktop is to enable our clients to connect from anywhere in the world, through an internet connection, and work on their desktop, with their files, e-mails and applications, which are all ready to use.

Let us start with the obvious major security concern: to access a virtual desktop you need to connect via the internet, rather than straight on to your laptop or corporate PC / server. This makes people feel nervous. However, the other side of this argument is that having your desktop centralised does remove some of the need for information to be stored on USB keys, laptops and other types of mobile devices, which can be lost or stolen. It also removes the need for costly software or hardware encryption of these devices.

The next concern is authentication. If I’m sitting in a cybercafé on holiday in Spain and type in my credentials, will a backdoor or keyboard sniffer installed on the host I’m using be able to copy my credentials? The solution is to use token-based security, so that even if my credentials are copied, the hacker will not be able to replicate that third factor.

The next point of discussion: what about an external hack? Could a buffer overflow or other vulnerability in the software be exploited to allow an attacker access to the environment? Well, this is a fear that every organisation faces, and the usual measures must be put into place. We operate a multi-tiered environment, with industry-leading security devices, IDS, and 24×7 monitoring, to name a few!

So we’ve looked at external security risks. What happens if there is an internal issue, and one user is accidentally allowed to view another’s data? We looked long and hard at the products available, and we have found a solution which logically separates both desktops and storage. There is no way that one user can stumble upon another user’s data.

The last aspect to consider was physical security. Will a customer allow us to store their information rather than keep it at home, or at their business? Well, a major consideration when setting up VB was that we must have a secure environment to host our IT equipment. We chose an ex-military nuclear bunker for this. The facility is incredibly secure, with ID, biometric validation, 24×7 guards, wired perimeter fence, and pre-authenticated validation control. The premises have systems to deal with fires, floods, and power cuts, and are kept at a constant temperature to minimise kit failure. Finally, the unit has several inbound and outbound network streams, with EMP protection. How many homes and businesses can offer the same? On top of this, our storage is encrypted, and multi-factor authentication mechanisms are required to access the systems.

So, in conclusion: if properly implemented, with the right investment made in the right solution, virtual desktops can be secured to allow our clients a central place to view and store their information.

Ewan McGregor twitchy over fake Twitter site

Mar 24, 2009 at 12:16 am

Actor is latest celebrity victim of online impostors, with nearly 20,000 subscribers signing up to phoney feed of his every move.

http://www.guardian.co.uk/film/2009/mar/09/ewan-mcgregor-fake-twitter-feed

A grim day for browser security at hacker contest

Mar 23, 2009 at 11:55 pm

Internet browser security took a beating during Day 1 of an annual hacking competition, with Apple’s Safari, Microsoft’s Internet Explorer and Mozilla’s Firefox all being felled in a matter of hours.

The uncontested champion of the contest was a University of Oldenburg master’s candidate, who managed to fell Safari, IE 8 and Firefox at the Pwn2Own contest at the CanSecWest security conference in Vancouver, British Columbia. He joined security researcher Charlie Miller, who was able to successfully hack Safari with a separate remote-execution exploit.

http://www.theregister.co.uk/2009/03/19/pwn2own_day1

Mobile users at risk of ID theft

Mar 23, 2009 at 8:15 pm

A survey of London commuters suggests that 4.2m Britons store data on their mobiles that could be used in identity theft in the event they are stolen.

Only six in 10 use a password to limit entry into the phones, according to the survey by security firm Credant.

The survey found that 99% of people use their phones for business in some way, despite 26% of them being told not to.

http://news.bbc.co.uk/2/hi/technology/7950263.stm

Big jump in online banking fraud

Mar 23, 2009 at 8:13 pm

Software allowing fraudsters to track what you type led to the level of online banking fraud more than doubling in 2008, according to a banking body.

Fraudsters use a technique called keylogging, in which keystrokes on a computer are tracked to gather passwords and credit card numbers.

http://news.bbc.co.uk/2/hi/business/7952598.stm

How to get hacked without a mouse click

Mar 13, 2009 at 9:08 pm

An unpatched flaw in Adobe Acrobat and Reader might be exploited without even needing to trick a surfer into opening a maliciously constructed file.

http://www.theregister.co.uk/2009/03/05/click_free_pdf_peril/

BBC team exposes cyber crime risk

Mar 12, 2009 at 5:13 pm

Software used to control thousands of home computers has been acquired online by the BBC as part of an investigation into global cyber crime.

http://news.bbc.co.uk/2/hi/programmes/click_online/7932816.stm

Top recent hacker stories

Mar 12, 2009 at 5:10 pm

Taking a look at the top hacking stories from the last few months.

http://www.telegraph.co.uk/news/4949044/Spotify-hacked-top-recent-hacker-stories.html

Hacking contest offers $10,000 for iPhone exploit

Mar 02, 2009 at 4:30 pm

An annual hacker competition planned for next month has set its sights on Apple’s iPhone and four other smart phones in a contest that will pay cash prizes of $10,000 to anyone who can break in to the mobile devices.

http://www.theregister.co.uk/2009/02/26/pwn2own_your_phone/

Griff Rhys Jones, narrowly escaped death by leaping from their blazing motor cruiser into shark-infested seas. The comedian lost his laptop containing his nearly-completed new book on rivers, linked to his new television series.

http://www.telegraph.co.uk/news/worldnews/southamerica/galapagos/4331557/Griff-Rhys-Jones-tells-of-cheating-death-in-shark-infested-seas-after-leaping-from-his-burning-yacht.html