Technical brief

Secure Your VDI Environment

Maintain data security without sacrificing performance

Best Practices Enhance Protect against cyberthreats

VDI Security
Empowering your remote workforce with virtual desktop infrastructure (VDI)
means placing more devices and data out of direct IT control, increasing your
55% decrease vulnerability to data theft and cyberattacks. Dell Validated Designs for VDI
help you maintain security without sacrificing performance. Engineering testing
in threats validates that implementing Security Technical Implementation Guide (STIG)
with basic network scan1 actions and Microsoft® security baselines reduce threats by up to 58%1, so you
can adopt VDI with confidence.

21% decrease Validation overview

in threats Engineering validation uses Tenable to take a deeper look at the solution stack,
using targeted scans and predefined templates to flag known vulnerabilities in
with PCI quarterly external scan1
the systems that may be exploited. We used the following scans during testing:

Basic network scan: This scan has all of Tenable.io’s current plugins enabled.
58% decrease It provides a quick and easy way to scan assets for all vulnerabilities. You
cannot disable individual plugins in a basic network scan.
in threats Payment card industry (PCI) quarterly external scan: Designed specifically
with policy compliance auditing scan1 in accordance with the specifications set forth by the PCI Security Standards
Council, this scan provides an outside‑in perspective of the target vector and
therefore performs only remote checks. There is little customization possible
with it — users are limited to adjusting the scan’s performance settings to allow
for proper analysis in accordance with the network’s capabilities.

Policy compliance auditing using Defense Information Systems Agency

(DISA) audit files: Allows you to perform compliance audits of numerous
platforms including databases, Cisco®, Unix® and Windows® configurations
as well as sensitive data discovery based on regex contained in audit files.
Audit files are XML‑based text files that contain the specific configuration,
file permission and access control tests to be performed.

1 Considers critical and high severity threats only.

Based on Dell Technologies internal engineering
testing implementation guide, STIG and Microsoft
Security Baseline‑Based Hardening of a VMware
Horizon® on a VxRail‑ Based VDI Environment,
January 2023.

© 2023 Dell Inc. or its subsidiaries.

 Learn More Test and performance analysis methodology
Dell.com/VDI
Tenable testing process and monitoring
We tested each piece of the solution stack with the following methodology:
• Each piece of the solution stack was scanned three times using the
above‑mentioned scans to ensure data correlation. This was used to create
a baseline of the solution stack before any STIGs were applied.
• Once the baseline was created and captured, the STIGs were applied to
the solution stack. The solution stack was then scanned an additional three
times to ensure data correlation.
• Once both the before and after test cases had been completed, the results
were compared to show the differences between them.

Scan Operating Pre‑STIG Post STIG Change

template system baseline threats
Basic network scan Windows • Severity Critical 1
• Severity High 8
• Severity Medium 10
• Severity Low 2
Basic network scan VMware® • Severity Critical 0
• Severity High 0
• Severity Medium 21
• Severity Low 0
PCI quarterly external scan Windows • Severity Critical 3
• Severity High 16
• Severity Medium 15
• Severity Low 2
PCI quarterly external scan VMware • Severity Critical 0
• Severity High 16
• Severity Medium 82
• Severity Low 0
PCI quarterly external scan Linux® • Severity Critical 0
• Severity High 4
• Severity Medium 5
• Severity Low 1
Policy compliance auditing Windows • Severity Critical 0
using DISA audit
• Severity High 265
• Severity Medium 43
• Severity Low 0
Policy compliance auditing VMware • Severity Critical 0
using DISA audit
• Severity High 52
• Severity Medium 284
• Severity Low 0
baseline threats
• Severity Critical 0 12
• Severity High 4
• Severity Medium 4
• Severity Low 1
• Severity Critical 0 0
• Severity High 0
• Severity Medium 21
• Severity Low 0
• Severity Critical 1 5
• Severity High 16
• Severity Medium 12
• Severity Low 2
• Severity Critical 0 16
• Severity High 10
• Severity Medium 72
• Severity Low 0
• Severity Critical 0 0
• Severity High 4
• Severity Medium 5
• Severity Low 1
• Severity Critical 0 165
• Severity High 104
• Severity Medium 39
• Severity Low 0
• Severity Critical 0 22
• Severity High 30
• Severity Medium 284
• Severity Low 0

2023 Dell Inc. or its subsidiaries. All Rights Reserved. Dell Technologies, Dell and other trademarks are trademarks of Dell Inc. or its subsidiaries. Microsoft® and Windows®
are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Cisco® is a registered trademark or trademark of Cisco
Systems, Inc. and/or its affiliates in the United States and certain other countries. UNIX® is a registered trademark of The Open Group. VMware® is a registered trademark or
trademark of VMware, Inc. in the United States and other jurisdictions. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries. Other trademarks
may be trademarks of their respective owners. Technical brief virtual‑desktop‑security‑brief‑101