VMware Horizon 7.13 Connection Server Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Connection Server must have X-Frame-Options enabled.
<VulnDiscussion>RFC 7034 HTTP Header Field X-Frame-Options, also known as counter clickjacking, is enabled by default on the Horizon Connecti...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Connection Server must have Origin Checking enabled.
<VulnDiscussion>RFC 6454 Origin Checking, which protects against cross-site request forging, is enabled by default on the Horizon Connection ...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Connection Server must enable the Content Security Policy.
<VulnDiscussion>The Horizon Connection Server Content Security Policy (CSP) feature mitigates a broad class of content injection vulnerabilit...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Connection Server must enable the proper Content Security Policy directives.
<VulnDiscussion>The Horizon Connection Server Content Security Policy (CSP) feature mitigates a broad class of content injection vulnerabilit...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The PCoIP Secure Gateway must be configured with a DoD-issued TLS certificate.
<VulnDiscussion>The DoD will only accept PKI certificates obtained from a DoD-approved internal or external certificate authority (CA). If th...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Connection Server must not allow unauthenticated access.
<VulnDiscussion>When the Horizon native smart card capability is not set to "Required", the option for "Unauthenticated Access" is enabled. T...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Connection Server must be configured to restrict USB passthrough access.
<VulnDiscussion>One of the many benefits of VDI is the separation of the end user from the "desktop" they are accessing. This helps mitigate ...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Connection Server must prevent MIME type sniffing.
<VulnDiscussion>MIME types define how a given type of file is intended to be processed by the browser. Modern browsers are capable of determi...Rule Medium Severity -
SRG-APP-000456-AS-000266
<GroupDescription></GroupDescription>Group -
All Horizon components must be running supported versions.
<VulnDiscussion>Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products t...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.