@vishantgawali1811

• 10.1 Remote Desktop (RDP) Security
• 10.2 Virtual Desktop Infrastructure (VDI) Security
• 10.3 Kiosk Mode Security

Added comprehensive documentation on Remote Desktop Protocol (RDP), Virtual Desktop Infrastructure (VDI), and Kiosk Mode, including security risks and controls.
Added new sections for Remote Desktop, VDI, and Kiosk Security.
@JeffreyShran
Collaborator

Thanks @vishantgawali1811, I appreciate the submission. I can't help but notice that the tone and style of your submission are very different from the rest of the document. It would help the overall flow if you could revise it to better match the original style, please.

I can't accept unusual characters like ↓ and emojis as they risk breaking the PDF document creation automation and if anyone is ingesting the document it might impact them too. I will take an action to create more detailed contributing instructions so that others know in the future.

Finally, each testing item should be written so that it is actionable by the reader; our audience is usually a tester of some sort. For example, in the original document a control's description might read like: "Verify that tokens and keys are not sent in plain text or otherwise easily decodable/decryptable by MITM attack", which is something a tester can actually test for, but yours say things like "Do not expose RDP to the Internet. Use VPN or jump server." A better way would be to say something like "Ensure that RDP is not exposed to the internet" and then in the text area underneath the control you would elaborate. The difference is subtle, I grant you, but by framing them in this way it makes the standard more usable in practical situations.

@JeffreyShran JeffreyShran self-requested a review November 10, 2025 11:42
@vishantgawali1811
Author

Thank you for the feedback! I completely understand your points regarding tone, formatting, and phrasing. I’ll revise my submission to match the original style and make the controls more actionable as per your examples. I’ll also remove any unusual characters to ensure smooth PDF generation. Appreciate your detailed guidance — I’ll make the necessary changes shortly.

…aracters, emojis, and ASCII art
- Convert controls to actionable 'Verify that...' format
- Add proper Testing Checklist table with L1/L2/L3 levels
- Add comprehensive Control Group Definitions
- Align formatting with other TASVS documents (04-09)

…
- Add detailed RDP/VDI/Kiosk explanations and workflows
- Include comprehensive risk and control tables
- Remove special characters while keeping all original information
- Maintain TASVS professional format matching other documents
@vishantgawali1811
Author

Hello! @JeffreyShran
I’ve updated all the details exactly as requested.
Kindly review the changes and let me know if everything looks correct or if anything needs to be adjusted.

Thank you!

@JeffreyShran
Collaborator

> Hello! @JeffreyShran I’ve updated all the details exactly as requested. Kindly review the changes and let me know if everything looks correct or if anything needs to be adjusted.
>
> Thank you!

Thanks. Looks good on first glance. I will need some time to review properly, but wanted to ping you just to say I saw and thanks! :)
