Virtual Desktops

(John Raley) #1

Desktops are the primary infiltration point for ransomware and malware in general. One of the technologies we have implemented to fight ransomware is Virtual Desktop Infrastructure (VDI). We use pooled virtual desktops, which means that every time someone logs off their virtual desktop (VD), it is deleted and a new one is booted from an image. This allows us to quickly dispose of a PC if it gets infected with any malware. Most of the physical workstations are ThinClients. We have some physical ThickClients (Windows PCs or laptops) that connect to VDI, and I am hoping to get rid of those or at least lock them down so that they cannot access anything on the network except VDI or the guest VLAN to the internet.

VDI does not prevent ransomware but does allow you to contain it and limit the damage, as long as you catch it quickly. Ransomware is not the reason we moved to VDI, but I have found that it helps the fight against it.

(Brian Richards) #2

How does use of VDI limit ransomware? Does it limit the impact to just the one desktop/image? I ask because we use VDI extensively where I work, and I’m curious as to how it limits infections.


(John Raley) #3

Are you using persistent desktops or non-persistent? In a persistent desktop deployment you won’t see the benefit I was talking about earlier. When using non-persistent desktops, every time a user logs on you are basically re-imaging a new PC for them. If you catch the source of the ransomware early, you can kill that desktop and the user will get a new one when they log back on. The user will still have encrypted files as well as any shares that were hit, but most of the time the actual ransomware app itself will be gone after the virtual desktop was deleted.

(Edwin Eekelaers) #4

Have you experimented already with Deep Freeze? It does something similar.

(John Raley) #5

I am familiar with Deep Freeze as well, and you get the same functionality I was talking about with non-persistent desktops as well. It doesn’t prevent the infection, but it at least gives you a quick way to stop the damage from spreading.