Issue 23
Understanding the POS (Point-of-sale) Malware
Interview with Jonathan Brandt, Manager of ISACA’s Cybersecurity Practices
Editor: Mohamed H. Abdel Akher
Security Kaizen Magazine Readers Everywhere, Welcome!
Contributors: BK team, James Atonakos, Vijay Lalwani, Mohamed Elhenawy, Khaled Alaa, Waleed Hamouda
Website Development: Mariam Samy
Issue 23 | www.bluekaizen.org | 5
Interviews
Interview with
Jonathan Brandt
Manager of ISACA’s Cybersecurity Practices
Prior to joining ISACA, Brandt held various cybersecurity leadership roles within
the U.S. Department of Defense throughout his 20 years of military service. Areas
of professional focus include multi-discipline security, organizational leadership,
ISACA offers the Cybersecurity Nexus (CSX), a holistic cybersecurity resource. The CSX program
(www.isaca.org/cyber) has many cybersecurity components, including cybersecurity certificate
and certifications—Cybersecurity Fundamentals Certificate, CSX Practitioner Certification, CSX
Specialist Certification, CSX Expert Certification, and CISM.
ISACA also provides and continually updates COBIT, a business framework to govern enterprise
technology.
Recently, ISACA launched the CSX Certifications and Courses. Can you please give us more details about them? And why did ISACA decide to create CSX?
ISACA builds on its 45 years of global leadership in IT to do for cybersecurity professionals what we have done
for professionals in IS auditing, control and governance over the past 45 years—and will continue to do. This was
a natural evolution for ISACA to serve its 140,000 professionals worldwide.
As a global leader in cybersecurity, ISACA provides tools and training to help create a robust global cybersecurity
workforce. ISACA launched the Cybersecurity Nexus (CSX) in 2014 to address the cybersecurity skills crisis through
resources for every level of a cybersecurity career.
CSX Certifications and Training
CSX Practitioner: Demonstrates ability to serve as a first responder to a cybersecurity incident following
established procedures and defined processes.
CSX Specialist: Demonstrates effective skills and deep knowledge in one or more of the five areas based
closely on the NIST Cybersecurity Framework: Identify, Detect, Protect, Respond and Recover.
CSX Expert: Demonstrates ability of a master/expert-level cybersecurity professional who can identify,
analyze, respond to, and mitigate complex cybersecurity incidents.
Can you give us any numbers, statistics or research regarding the international shortage of cybersecurity professionals?
According to ISACA’s 2015 Global Cybersecurity Status Report, 92 percent of respondents whose organizations
will be hiring cybersecurity professionals in 2015 say it will be difficult to find skilled candidates. Eighty-three
percent believe cyberattacks are a top threat. Yet an alarming 86 percent say there is a global shortage of skilled
cybersecurity professionals and only 38 percent feel prepared to fend off a sophisticated attack.
What differentiates CSX from other cybersecurity courses on the market?
The CSX training and skills verification is an adaptive, performance-based cyber lab environment. ISACA is the
first to offer PerformanScore, a learning and development tool that measures professionals’ ability to perform
cybersecurity tasks based on their problem-solving approach. The tool is unique in its ability to recognize that
there are multiple ways to respond to cybersecurity threats and it compares a professional’s actions against an
adaptive scoring rubric in real time.
This is the first program to combine skills-based training with performance-based exams for certifications, and
uses a virtual setting with real-world cybersecurity scenarios.
Significant amounts of technology, both hardware and software, are imported globally, including cybersecurity tools. For that reason, supply chain management is critical in thwarting hidden malware, backdoors, flaws and other vulnerabilities.
However, there is always risk, which translates to an urgent need for skills capable of critically inspecting them before deployment—especially in critical infrastructure and critical industry sectors.
Also, enterprises should strengthen cybersecurity with staff that are trained and certified in cybersecurity. Developing, and maintaining, strong cybersecurity skills is a critical part of the solution.
CSX certifications and training are designed to help professionals build the skills needed at every level of a career in cybersecurity. The performance-based training and exams prepare professionals for real-world scenarios and the evolution of the ever-changing threat vector.
What was the moral of the CSX 2015 North America conference? Do you plan to have it as a yearly conference?
The CSX 2015 North America conference was sold out and attendees responded favorably in feedback throughout
and after the conference.
The CSX conference will be held annually in North America and is expanding globally in 2016.
Finally, what is your advice for governments, users and organizations to stay secure?
It is uncommon for an organization to not have a security awareness program. The question is, is the security
awareness program effective? 360-degree evaluations can be a useful tool to glean data about your security
climate and make adjustments.
As threat environments evolve, so too should your security needs. The cybersecurity market is inundated with
solutions that often carry expensive price tags. Cybersecurity should be infused into all facets of business and
when a solution has exceeded its usefulness, you cannot be afraid to move on.
Lastly, it is critical to stop treating cybersecurity differently. It is technological risk and requires daily hygiene, similar to information, physical and operational security. Many would never leave sensitive information (e.g., salary data) in a common area, leave their doors unlocked at night or freely give out keys to their home. Yet, these are the exact things—in a digital world—that contribute to many incidents.
Grey Hat
James Atonakos, Forensic Investigator at WhiteHat Forensics
Figure 1: The flow of instructions and data in a computer

Data from RAM is then also written into the cache during a miss so that future accesses to the same data will result in hits and better memory performance.

Modern operating systems, such as Windows and Linux, support multitasking. This allows multiple programs to run concurrently (but not simultaneously) on one CPU. Concurrent execution of multiple programs means that, over a period of time, all programs have experienced execution time on the CPU. This is accomplished by running one program for a short period of time (called a time slice), then saving all CPU registers, reloading the CPU registers for the next program that will run, and resuming execution of the next program. This way, each program that is “running” gets multiple slices of time every second to execute.

The pages allocated to a program do not have to all be in the same area of RAM. Much like file fragmentation on a disk, program pages may be fragmented as well, and spread out across the RAM memory space. Special registers and tables in the protected-mode architecture of the Intel 80x86 CPU contain pointers to allocated pages so that they may be properly accessed when the CPU is fetching an instruction or data from the required page.

Now, consider a program that provides a menu of options when it starts up. Once a user selects a particular menu option, a different section of the program code is executed. This is an example of why it is not necessary to load the entire program into memory at the beginning of its execution. Perhaps only the portion of the program that contains the menu code is loaded into one or more pages. Then, when a user chooses an option, the pages for the program code that implement that option are loaded. Protected mode provides a way of determining if the instruction or data being fetched by the CPU is present in a page or not. If it is not present, a page fault is generated that causes the operating system to load the necessary program code into a new page. This of course results in a small loss of performance, as the CPU must now wait until the information has been transferred from the hard disk into a RAM page.
Figure 2(g): RAM contents and PAGEFILE.SYS contents after multiple page swaps
Conclusion
The evidentiary value of PAGEFILE.SYS has hopefully been demonstrated here. In the same fashion, the Windows
HIBERFIL.SYS file can also be a forensic gold mine, as it contains a complete copy of RAM contents at the time a
computer was put into hibernation.
For Linux investigations, the equivalent to PAGEFILE.SYS is the swap file, where RAM pages are stored when they are
replaced.
The more a forensic investigator understands about the details of how an operating system functions the better.
Knowing the details of how virtual memory is implemented gives the investigator another source of possible evidence
that may be important to a case.
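To make the conclusion concrete, here is an added example (not code from the article) of the kind of check an investigator runs over a page file image: because PAGEFILE.SYS holds whole 4 KiB RAM pages, every string carved out of it can be reported together with the page it sits in, which is what ties a recovered fragment back to a page of some process's memory that was swapped out. The image is constructed inline (three pages: one zeroed, one holding an ASCII fragment, one holding a UTF-16LE path); the page size, the minimum string length and the sample contents are assumptions made for this example.

```python
"""String carving over a page file image, reported per 4 KiB page.

Added example to accompany the article's conclusion; not code from the article.
PAGE_SIZE (the x86 page size discussed in the article), MIN_LEN and the sample
image contents are assumptions for this example.
"""
import re

PAGE_SIZE = 4096   # one x86 page, the unit PAGEFILE.SYS is written in
MIN_LEN = 8        # shortest run worth reporting

# Printable ASCII runs, and UTF-16LE runs (printable byte followed by NUL):
# Windows keeps most of its in-memory strings in UTF-16LE, so a plain ASCII
# scan would miss them.
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16LE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)


def carve_strings(image: bytes):
    """Return (page_index, offset_in_page, encoding, text) for every string in the image."""
    hits = []
    for start in range(0, len(image), PAGE_SIZE):
        page_index = start // PAGE_SIZE
        page = image[start:start + PAGE_SIZE]
        for m in ASCII_RE.finditer(page):
            hits.append((page_index, m.start(), "ascii", m.group().decode("ascii")))
        for m in UTF16LE_RE.finditer(page):
            hits.append((page_index, m.start(), "utf-16le", m.group().decode("utf-16le")))
    hits.sort()
    return hits


def pages_with_strings(image: bytes):
    """Indexes of pages holding at least one recoverable string (unused, zeroed pages drop out)."""
    return sorted({hit[0] for hit in carve_strings(image)})


def build_sample_image() -> bytes:
    """Constructed three-page stand-in for a small PAGEFILE.SYS (sample data, not a real capture)."""
    page0 = bytes(PAGE_SIZE)                         # unused page, all zero
    page1 = bytearray(b"\x90" * PAGE_SIZE)           # code-like filler (0x90 is not printable) ...
    frag = b"user=jdoe session=EXAMPLE-TOKEN-1234"    # ... with an ASCII log fragment inside
    page1[256:256 + len(frag)] = frag
    page2 = bytearray(PAGE_SIZE)
    wide = "C:\\Users\\Test\\Documents\\budget.xlsx".encode("utf-16le")  # a UTF-16LE path
    page2[1024:1024 + len(wide)] = wide
    return page0 + bytes(page1) + bytes(page2)


if __name__ == "__main__":
    for page, offset, enc, text in carve_strings(build_sample_image()):
        print(f"page {page} offset {offset:#06x} [{enc}] {text}")
```

Run against a real page file image, the page index is what lets a hit be correlated with a memory dump taken at the same time, since a page that was swapped out is absent from RAM but present here.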
News
A peek under the hood of the recent security breaches
At midnight on November 29th, the NSA stopped its bulk collection of telephony metadata once authorized under Section 215 of the USA Patriot Act, under the USA Freedom Act, two and a half years after Edward Snowden’s revelations.
No longer will the NSA rely on the Patriot Act’s Section 215 to collect all phone records. Instead it will have to contact the telecommunications companies holding the data for them.
BK Team
The cybercrime tool supports file transfer, screen capture, keystroke logging, process injection, process manipulation, and task scheduling.
The reports also showed that SQLi and XSS are among the Open Web Application Security Project’s (OWASP) Top 10 most critical web application security risks.
Censys, the new search engine for hackers
Censys is a free search engine that was originally released in October by researchers from the University of Michigan; it is currently powered by Google. A new search engine like Shodan for devices exposed on the Internet, it could be used by experts to assess the security they implement.
“We have found everything from ATMs and bank safes to industrial control systems for power plants. It’s kind of scary,” said Zakir Durumeric, the researcher leading the Censys project at the University of Michigan.
John Matherly, founder and CEO of Shodan, says he doesn’t think his coverage is much different, and notes that Shodan currently probes IP addresses in a wider variety of ways than Censys, for example looking specifically for certain types of control system.
https://goo.gl/MvcEJB
Reviews
Malware Review
Understanding the POS (Point-of-sale) Malware
The payment card industry has a set of data security standards to ensure that all companies that process, store, or transmit credit card information maintain a secure environment, known as PCI-DSS (Payment Card Industry Data Security Standard). These standards require end-to-end encryption of sensitive payment data when it is transmitted, received or stored.

This payment data is decrypted in the POS’s RAM for processing, and the RAM is where the scraper strikes. For the PCI DSS requirements and overview visit here.

POS RAM Scraping

Payment card data structure:
The magnetic stripe on the back of a payment card has three data tracks, but only tracks 1 and 2 are used as defined by the International Organization for Standardization (ISO)/International Electro Technical Commission (IEC) 7813.

PAN and Luhn:
The data track of payment cards’ content PAN (Primary Account Number) is anywhere between 16 and 19 digits long and has the following format:
MIII-IIAA-AAAA-AAAC
The first six digits are known as the “Issuer Identification Number” (IIN). Its first digit is called the “Major Industry Identifier” (MII). Major card networks—Visa, MasterCard, Discover, JCB®, AMEX, and others—all have unique IIN ranges that identify which institution issued a card. A: Account number, which can be up to 12 digits. C: Check digit, calculated using the Luhn algorithm. All valid credit card numbers must pass this Luhn validation check.

When the credit card is swiped in the POS system, the data stored on the card is copied into the POS software’s process memory space in RAM temporarily, for authentication and processing of the payment transaction.

Here is where the POS RAM Scraper starts its work: it retrieves the list of processes that are running on the POS system and searches each process’ memory for card data. It searches each and every process’ memory and retrieves Track 1 and Track 2 card data as per the regex.

The regex may gather some garbage values from the process memory space of RAM depending on its accuracy. To avoid garbage values parsed by the regex, some POS RAM scrapers implement Luhn validation to check the card data gathered.

POS RAM Scraper Variants:
The earlier variants of POS RAM Scrapers only included the following basic functions:
• Install a malware as a service
• Scan POS system process’s RAM for credit card Track 1 and Track 2 data
• Dump the results into a text file
• The text file was then probably accessed remotely or manually
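The two steps the text describes, a regex that over-matches and a Luhn check that weeds out the garbage, are exactly what a defender uses to find clear-text card data where it should not be (an application log, a memory dump taken for a PCI DSS review). The block below is an added example, not code from the article: a 16-to-19-digit regex pulls candidates from a constructed log excerpt, the Luhn check rejects the timestamp and terminal serial number that the regex also matched, and each surviving PAN is split into the MII, IIN, account number and check digit of the MIII-IIAA-AAAA-AAAC layout given above, plus the first-6/last-4 masked form PCI DSS allows to be displayed. The log lines are constructed; the two card numbers in them are widely published test numbers, not real accounts.

```python
"""PAN candidate validation: regex, Luhn check, and field decomposition.

Added example (not from the original article). The sample buffer below is
constructed; the card numbers in it are widely published test numbers.
"""
import re

# Candidate PANs: 16-19 consecutive digits, the same over-broad match a memory
# or log scanner's regex would produce.
PAN_CANDIDATE_RE = re.compile(r"(?<!\d)\d{16,19}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) check."""
    if not digits.isdigit() or len(digits) < 2:
        return False
    total = 0
    # Walk from the right: the check digit is taken as-is, every second digit
    # after it is doubled, and doubled values above 9 have 9 subtracted.
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def decompose_pan(pan: str) -> dict:
    """Split a PAN into the fields named in the article: MII, IIN, account number, check digit."""
    return {
        "mii": pan[0],            # Major Industry Identifier: first digit
        "iin": pan[:6],           # Issuer Identification Number: first six digits
        "account": pan[6:-1],     # individual account identifier (up to 12 digits on a 19-digit PAN)
        "check_digit": pan[-1],   # Luhn check digit
        "masked": pan[:6] + "*" * (len(pan) - 10) + pan[-4:],  # PCI DSS display masking: first 6, last 4
    }


def find_pans(buffer: str) -> list:
    """Return (candidate, luhn_ok) for every digit run, so the caller can see what Luhn filtered out."""
    return [(c, luhn_valid(c)) for c in PAN_CANDIDATE_RE.findall(buffer)]


def cleartext_pans(buffer: str) -> list:
    """Return decomposed PANs for the candidates that pass Luhn: the ones worth an alert."""
    return [decompose_pan(c) for c, ok in find_pans(buffer) if ok]


# Constructed sample: log lines such as a POS application might write, mixing
# card numbers with digit runs a naive regex also matches (a transaction
# timestamp and a terminal serial number).
SAMPLE_BUFFER = """
2015-11-29T00:00:00 txn=20151129000000123 terminal=SN7781234567890123 amount=42.10
DEBUG card=4111111111111111 exp=2512 auth=OK
DEBUG card=5555555555554444 exp=2701 auth=DECLINED
"""

if __name__ == "__main__":
    for cand, ok in find_pans(SAMPLE_BUFFER):
        print(f"{cand:<20} luhn={'pass' if ok else 'fail'}")
    for hit in cleartext_pans(SAMPLE_BUFFER):
        print(hit["masked"], "IIN", hit["iin"], "check digit", hit["check_digit"])
```

Note that Luhn only proves a number is well formed, not that it is a live card; it removes the obvious garbage (timestamps, serials, counters) but a scan of the IIN against the issuer ranges the article mentions is still needed before raising a confident alert.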
As time passes, the POS RAM Scraper is targeting more large organizations and has the capability of performing the following functions:
• Networking functions (for exfiltration of stolen card data to a remote server using HTTP, FTP, Tor, etc.)
• Encryption (encrypt the stolen card data before exfiltrating)
• BOT and Kill Switch operation (can receive commands from the C&C server, including commands for uninstalling the malware)
• Multiple exfiltration techniques

Challenges for the attacker:
The big challenge for attackers in successfully gathering the data is to infect the POS system with POS malware. There are many techniques that can be used by attackers to infect the POS system:
• Insider jobs
• Spamming or Phishing
• Social engineering
• Lateral movement from existing infections
• Vulnerability exploitation
• Abusing PCI DSS noncompliance
• And many other techniques to infect POS systems

Infecting POS Systems:
Today, many organizations using POS systems have branches in different geographic locations. In these situations, organizations have POS management servers which manage all POS systems present at different geographic locations. The main aim of attackers is to compromise this management server, from where they can infect all the POS systems at different geographic locations. The attackers can compromise this server by understanding the organization’s network structure, finding a weakness and gaining access to the network by using that weakness. This can be done by using the above-mentioned techniques for infecting POS systems. After gaining access to the network, attackers establish communication with the C&C server, perform reconnaissance on the organization’s network and collect the information that will help them compromise the POS management server. Once they succeed in compromising the POS management server, they start infecting the POS systems managed by this server. Attackers will also set backdoors so that a command for removing the malware from POS systems can be issued by the C&C server to remove all traces of the infection.

Prevention steps:
Restrict remote access: Limit remote access into POS systems by third-party companies.
Enforce strong password policies: The PCI Compliance Report says that over 25% of companies still use factory defaults.
Reserve POS systems for POS activities: Do not allow staff to use them to browse the web, check email, or play games.
Use two-factor authentication: Stronger passwords would reduce the problem, but two-factor authentication would be better.
Malware Review
Executive Summary
This is an analysis of a packed executable malware sample, identified during analysis as NitLove PoS. The malware analysis team performed behavioral and code analysis of this sample. The malware is a packed executable and a Trojan that targets PoS systems; it keeps itself hidden in the system and steals credit card information.
This malware targets credit card track 1 and track 2 data in the RAM of PoS systems.
The payment card industry has a set of data security standards known as PCI-DSS. These standards require end-to-end encryption of sensitive payment data when it is transmitted, received or stored.
This payment data is decrypted in the PoS’s RAM for processing, and the RAM is where the malware strikes. It harvests the clear-text payment data.
Behavior analysis
1. Process Activity:
Starting new process “wscript “C:\Users\Test\AppData\Local\Temp:defrag.vbs””
2. File Activity:
Creating two hidden files via alternate data streams:
C:\Users\Test\AppData\Local\Temp:defrag.vbs
C:\Users\Test\AppData\Local\Temp:defrag.scr
Deleting itself
3. Registry Activity:
Adding a new entry under the Run registry key with name “Defrag” and value “wscript “C:\Users\Test\AppData\Local\Temp:defrag.vbs””
4. Network Activity:
No network activity

Code analysis
As mentioned, the packing algorithm of this malware is a custom one, so there isn’t an automated tool to unpack it; it must be unpacked manually.
After traversing the code, we reached the instruction where it jumps to the malware code.
This called function is used to get the addresses of some APIs, which are used to get information about the system and read data from a certain resource; this data is used together with some data from the malware itself to generate a new function.
Note: one of the pieces of information retrieved is the BeingDebugged flag, which counts as an anti-debugging technique and must be handled during analysis.
The malware reads the computer name and product name and uses them with a hardcoded string to create a new string which will be used in the connection with the C&C:
262E034FHWAWAWAWA
<WIN-CI5PMPV3JV8>
<Windows 7 Enterprise>
Then it concatenates the MachineGuid with its name “nit_love” to use as a user agent; after that it initializes a connection with the domain “systeminfou48.ru” on port 443.
The malware sends a POST request to the page “derpos/gateway.php” which contains the previously generated string (the computer name and product name string).
This is a simple view of the connection; the value at the beginning of the sent data is a calculated value depending on the machine information. Unfortunately, the C&C was down, so we can’t get more information, and the thread keeps looping waiting for a connection with the C&C.
The 2nd thread is responsible for inter-process communication. It creates a mailslot which is used by the threads for communication.
The malware created a mailslot with the name “\\.\mailslot\95d292040d8c4e31ac54a93ace198142” and starts listening on it for collected data from the 3rd thread. Once data is received, it is sent to the C&C the same way the machine information was sent.
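The behavior analysis above (a script host launched from an alternate data stream, a Run key pointing at the same stream) and the code analysis (the nit_love user agent, systeminfou48.ru, derpos/gateway.php) give a defender enough to write detection logic. The block below is an added example, not part of the original analysis: it runs three such checks over a handful of constructed Sysmon-style events. The field names (event_type, command_line, target_object, details, host, url, user_agent) are assumptions made for this example, not a real log schema, and the sample events are constructed.

```python
"""Detection logic for the NitLove artifacts listed in the analysis above.

Added example, not part of the original analysis. Three checks:
  * script_host_from_ads: wscript/cscript launched with a script stored in an
    NTFS alternate data stream (ADS), i.e. a path with a second ':' such as
    ...\\Temp:defrag.vbs
  * run_key_to_ads: a Run-key autostart value whose command points at such a path
  * nitlove_c2: a web request whose User-Agent carries "nit_love" or that is
    addressed to systeminfou48.ru / derpos/gateway.php
Event field names are assumptions for this example, not a real log schema.
"""
import re

# A ':' after the drive letter, inside the last path component, names an ADS.
ADS_PATH_RE = re.compile(r'(?i)\b[a-z]:\\(?:[^\\:\s"]+\\)*[^\\:\s"]+:[^\\\s"]+')
RUN_KEY_RE = re.compile(r"(?i)\\software\\microsoft\\windows\\currentversion\\run(?:once)?\\")
FIRST_TOKEN_RE = re.compile(r'\s*"?([^"\s]+)')
SCRIPT_HOSTS = {"wscript", "cscript"}
C2_HOST = "systeminfou48.ru"        # from the code analysis above
C2_PATH = "derpos/gateway.php"      # from the code analysis above
C2_UA_MARKER = "nit_love"           # appended to the MachineGuid as User-Agent


def ads_paths(text):
    """Return every ADS-style path found in a command line or registry value."""
    return ADS_PATH_RE.findall(text or "")


def image_name(command_line):
    """Base name of the executable a command line starts with, without '.exe'."""
    m = FIRST_TOKEN_RE.match(command_line or "")
    if not m:
        return ""
    name = m.group(1).rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def check_event(event):
    """Return a list of (rule, evidence) tuples for one event; empty means nothing matched."""
    findings = []
    etype = event.get("event_type")
    if etype == "process_create":
        cmd = event.get("command_line", "")
        hits = ads_paths(cmd)
        if image_name(cmd) in SCRIPT_HOSTS and hits:
            findings.append(("script_host_from_ads", hits[0]))
    elif etype == "registry_set":
        hits = ads_paths(event.get("details", ""))
        if RUN_KEY_RE.search(event.get("target_object", "")) and hits:
            findings.append(("run_key_to_ads", hits[0]))
    elif etype == "http_request":
        host = event.get("host", "").lower()
        url = event.get("url", "")
        ua = event.get("user_agent", "")
        if host == C2_HOST or url.endswith(C2_PATH) or C2_UA_MARKER in ua:
            findings.append(("nitlove_c2", f"{host} {url} UA={ua}"))
    return findings


def scan(events):
    """Run the checks over a sequence of events and collect findings with their event ids."""
    return [{"id": ev["id"], "rule": rule, "evidence": evidence}
            for ev in events for rule, evidence in check_event(ev)]


# Constructed sample events modelled on the analysis; ids 2, 4 and 5 are benign.
SAMPLE_EVENTS = [
    {"id": 1, "event_type": "process_create",
     "command_line": 'wscript "C:\\Users\\Test\\AppData\\Local\\Temp:defrag.vbs"'},
    {"id": 2, "event_type": "process_create",
     "command_line": '"C:\\Windows\\System32\\wscript.exe" "C:\\Scripts\\inventory.vbs"'},
    {"id": 3, "event_type": "registry_set",
     "target_object": "HKU\\S-1-5-21-1111\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Defrag",
     "details": 'wscript "C:\\Users\\Test\\AppData\\Local\\Temp:defrag.vbs"'},
    {"id": 4, "event_type": "registry_set",
     "target_object": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "details": '"C:\\Program Files\\Vendor\\updater.exe" /background'},
    {"id": 5, "event_type": "http_request", "host": "update.example.com",
     "url": "https://update.example.com/check", "user_agent": "Mozilla/5.0"},
    {"id": 6, "event_type": "http_request", "host": "systeminfou48.ru",
     "url": "https://systeminfou48.ru/derpos/gateway.php",
     "user_agent": "EXAMPLE-MACHINE-GUID-nit_love"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The first two rules are the durable ones: the domain and URL path are trivially changed by the operator, while a script host reading its script out of an alternate data stream under a user's Temp directory is rare enough in a fleet to be worth an alert regardless of the sample.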
Reviews
A Guide to Business Continuity Planning
Khaled Alaa

Purpose
Disasters can strike at any time. These range from large-scale natural catastrophes and acts of terror to technology-related accidents and environmental incidents. The causes of hazards may be different – whether human negligence, malevolence or natural disasters – but their likelihood (and seriousness) is no less real.
The purpose of this document is to give an overview of what Business Continuity Planning is and provide some guidance and resources for beginners.
Plan (Establish): Establish business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity in order to deliver results that align with the organization’s overall policies and objectives.
Do (Implement and operate): Implement and operate the business continuity policy, controls, processes and procedures.
Check (Monitor and review): Monitor and review performance against business continuity policy and objectives, report the results to management for review, and determine and authorize actions for remediation and improvement.
Act (Maintain and improve): Maintain and improve the BCMS by taking corrective action, based on the results of management review and reappraising the scope of the BCMS and business continuity policy and objectives.
What Is Business Continuity Planning
Business Continuity refers to the activities required to keep your organization running during a period of displacement or interruption of normal operation.
Disaster Recovery, by contrast, is the process of rebuilding your operation or infrastructure after the disaster has passed.

How ISO 22301 Helps
• It needs you to consider interested parties affected by the BCMS and their requirements and plan out how, when and who you will communicate with
• It makes sure that a BC strategy is developed, that defines acceptable timescales for resumption of activities for both you and your suppliers
• It enables you to understand the impact of risks facing your organization
• It requires cross organizational working
• It needs you to test your plans and work jointly with partners and suppliers through exercising – making BC real, not just a paper-based exercise
• It requires you to implement and maintain BC plans, helping you better manage disruptive incidents and continue activities
• It calls for plans to be tested regularly to ensure they work and gives you confidence that you can deliver, on time as your customers and contracts dictate
• It ensures you understand your role in your wider environment and supply chain
• It requires you to evaluate the impact of a disruption based on your organization’s ability to operate over time
• It makes sure you mitigate business continuity risks based on impact, not the cause of incidents
• It requires you to carry out regular risk assessments, including those affecting interested parties and the wider community
• It makes you consider how each risk will be handled
• It requires top management involvement in the development and continual improvement of the BCMS
• It makes sure top management provide the relevant resources to deliver the BCMS
• It calls for top management to assign and communicate roles and responsibilities related to the BCMS
• It requires top management’s “active engagement” in exercising

Benefits
• Reduces impact and frequency of business disruptions
• Enhances your ability to respond when disruptions do occur
• Gives you confidence in your responses and ensures appropriate and agile contingencies
• Better stakeholder/interested party relationships
• Protects and enhances your reputation and credibility
• Improves your ability to win tenders
• Increases business growth, attracting more investors
• Greater visibility of business risks both externally and internally across the organization
• Increases confidence in your recovery plans
• Shows your clients and supply chain that you are committed to BC
• Demonstrates a duty of care to staff, no matter what happens
• Cost savings through mitigating impact of disruptions
• Improves risk identification and brings about a consistent approach across your organization
• Strengthens management commitment and ensures BCM is taken seriously
• Increases employee engagement and understanding
• Makes sure sufficient resources are available for BC testing and delivery
• Gives visibility to employees, suppliers and customers of senior management’s commitment to BCM
How to Prepare a Business Continuity Plan

Business Continuity Planning Phases

1. Project Initiation
• Define Business Continuity Objective and Scope of coverage.
• Establish a Business Continuity Steering Committee.
• Draw up Business Continuity Policies.

2. Business Analysis
• Perform Risk Analysis and Business Impact Analysis.
• Consider Alternative Business Continuity Strategies.
• Carry out Cost-Benefit Analysis and select a Strategy.
• Develop a Business Continuity Budget.

3. Design and Development (Designing the Plan)
• Set up a Business Recovery Team and assign responsibility to the members.
• Identify Plan Structure and major components.
• Develop Backup and Recovery Strategies.
• Develop Scenario to Execute Plan.
• Develop Escalation, Notification and Plan Activation Criteria.
• Develop General Plan Administration Policy.

4. Implementation (Creating the Plan)
• Prepare Emergency Response Procedures.
• Prepare Command Center Activation Procedures.
• Prepare Detailed Recovery Procedures.
• Prepare Vendors Contracts and Purchase of Recovery Resources.
• Ensure everything necessary is in place.
• Ensure Recovery Team members know their Duties and Responsibilities.

5. Testing
• Exercise Plan based on selected Scenario.
• Produce Test Report and Evaluate the Result.
• Provide Training and Awareness to all Personnel.

6. Maintenance (Updating the Plan)
• Review the Plan periodically.
• Update the Plan with any Changes or Improvement.
• Distribute the Plan to Recovery Team members.

Business Continuity Plan outline (simplified based on the sample BCP provided by MIT)

PART I INTRODUCTION

PART II DESIGN OF THE PLAN
1. Overview
a. Purpose
b. Assumptions
c. Development
d. Maintenance
e. Testing
2. Organization of Disaster Response and Recovery
a. Steering Committee
b. Business Continuity Management Team
c. Organization Support Teams
d. Disaster Response
e. Disaster Detection and Determination
f. Disaster Notification
3. Initiation of the Business Continuity Plan
a. Activation of a Site
b. Dissemination of Public Information
c. Disaster Recovery Strategy
d. Emergency Phase
e. Backup Phase
f. Recovery Phase
4. Scope of the Business Continuity Plan
a. Category I - Critical Functions
b. Category II - Essential Functions
c. Category III - Necessary Functions
d. Category IV - Desirable Functions

PART III TEAM DESCRIPTIONS
1. Business Continuity Management Team
2. Organization Support Teams
b- Damage Assessment/Salvage Team
c- Transportation Team
d- Physical Security Team
e- Public Information Team
f- Insurance Team
g- Telecommunication Team

PART IV RECOVERY PROCEDURES
1. Notification List
- Contact Information for all the Teams’ members.
2. Action Procedures
- List of Actions to be carried out by each Team.
Internal threats are the main security challenge nowadays; using a private cloud with VDI (Virtual Desktop Infrastructure) in an enterprise solution can add some valuable controls to mitigate some of the internal information security threats. In the 90’s there was very little exchange of files between people. Most data was exchanged on floppy disks, USB flash memory and CD-RW, which are still a threat to information security besides the Internet.
The threat of viruses/Trojans is high. Securing traditional PCs in a network against viruses takes time, because A/V signature updates have to be distributed to each traditional PC, and viruses are now more complex: Advanced Persistent Threats (APT) are a set of stealthy and continuous computer hacking processes that could spread in the network before the A/V detects them.

VDI does that, traditional desktops cannot.

VDI is more secure than traditional desktops. If you are able to centralize your data there are several benefits in security and support, namely:

1. Proactive response to security incidents - If you deploy VDI and all of your desktop operating systems are running in a centralized data centre (or regional data centres throughout the world), then patching those Windows instances can be done more rapidly, and distributing A/V signatures, HIPS agent updates, etc. can be accomplished more rapidly than if those assets were spread over WAN links or frequently disconnected from the network, as in the case of laptops.

2. Collapse branch infrastructure - If you are successful at deploying VDI at large scale you can probably collapse branch office file/print servers, email servers and maybe even app servers.

3. Data sharing - If all of your data is in one location, it will be much easier to share data among users without needing to worry about delays transmitting that data over WAN connections or having to worry about replicating data in multiple sites.

4. Data backup - If your data is located centrally it will be much easier to back up data and configure offsite data backups. If your data was spread over 100 different sites, you would potentially need multiple backup systems and multiple DR strategies.

5. eDiscovery - If your organization requires eDiscovery for audit purposes, having the data in one place makes this slightly easier. You will still of course need to address eDiscovery on any laptops, smartphones, tablets, etc. But it does make it a bit easier.

6. Protection against theft (no more need to worry about stolen secrets or missing laptops) - A traditional PC’s entire hardware, like its hard disk, can be stolen. Obviously, VDI using a Thin Client or Zero Client has no hard disk to steal, and the device itself is of no use because it will not work without the servers.

7. Reduced desktop support and management costs, and lower power consumption.

When should you use Virtual Desktop Infrastructure (VDI)? What is the difference between Zero Client and Thin Client endpoints?

When an enterprise reaches the decision to create a Virtual Desktop Infrastructure (VDI), there comes the question, “thin clients or zero clients?” Thin Clients and Zero Clients are both small form factor, solid state computing terminal devices, specifically designed for VDI, but they have many different characteristics as well.

When choosing between thin clients and zero clients, you need to understand the benefits and the challenges of your VDI option, the environment being deployed and the users’ desktop needs; that will help you make the right choice.

Virtual desktops are hosted in the data centre and the thin or zero client simply serves as a terminal to the back-end server, just like the concept of the mainframe and terminals in the seventies and eighties of the last century. By using zero or thin clients you avoid the three-year lifecycle refresh on PCs, either by repurposing these PCs as terminals or by replacing them with cheaper terminals, and you stop paying for hardware (hard disk, RAM or CPU) in PCs that is more than the user needs.

VDI lets you push out compute resources from a server rather than having to install those resources directly onto the end user’s device, like a PC. Because VDI depends on the servers behind the scenes to handle the compute, you’re less likely to need to update or refresh the endpoint devices.

In many ways thin clients and zero clients are similar, but what are the differences between the two? More importantly, which of the two types would be best for your IT environment?

The Similarities Between Thin and Zero VDI Clients
When you virtualize, the infrastructure of the environment supporting the VDI is based on the back-end servers at the data center, and both zero and thin VDI clients have the same benefits:
• simple to install and replace
• require less maintenance
• improve security
• reduce hardware needs compared to PCs
• rely on a network connection to a central server for computing and don’t do much processing on the hardware itself
• require a centralized management system

Thin vs. Zero clients

Thin: own native operating systems, usually offering a version of Windows Embedded Standard (WES) or a Linux based operating system such as DeTOS.
Zero: have a highly tuned onboard processor specifically designed for one to possibly three VDI protocols (PCoIP, HDX, or RemoteFX). Most of the decoding and display processes take place in dedicated hardware/BIOS.

Thin: utilize connection protocols such as Citrix ICA or Microsoft RDP in order to remotely access a desktop that is being hosted on a Virtual Machine stored on a server.
Zero: utilize connection protocols such as Citrix ICA or Microsoft RDP in order to remotely access a desktop that is being hosted on a Virtual Machine stored on a server.

Thin: consider whether you need capabilities such as 3-D, video conferencing and multi-monitor support.
Zero: less speed with heavy 3-D; do not support high-end video and multi-monitor support.

Thin: boot the embedded operating system, then connect to the server.
Zero: have boot-up speeds of just a few seconds and are immune to viruses.

Thin: need maintenance for the embedded operating system.
Zero: require very little maintenance; only the BIOS needs updating if there is a significant change/enhancement.

Thin: the users’ options for what they can do are not limited.
Zero: the users’ options for what they can do are more limited.
Capture the Flag competition at GISEC 2016
29th - 31st March
Dubai World Trade Centre
www.cybertalents.com