Security

SSLv3
For more information, see http://tools.ietf.org/html/rfc7568.
For Connection Server instances, security servers, and View desktops, you can enable SSLv3 by removing
SSLv3 from the jdk.tls.disabledAlgorithms property in the C:\Program Files\VMware\VMware
View\Server\jre\lib\security\java.security file on each View Connection Server instance and security
server.
For View Composer and View Agent Direct-Connection (VADC) machines, you can enable SSLv3 by adding
the following values (REG_DWORD) to the registry key
HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server:
DisabledByDefault=0
Enabled=1
RC4
For more information, see http://tools.ietf.org/html/rfc7465.
For Connection Server instances, security servers, and View desktops, you can enable RC4 by editing the
configuration file C:\Program Files\VMware\VMware View\Server\jre\lib\security\java.security on that
machine. At the end of the file is a multi-line entry called jdk.tls.legacyAlgorithms. Remove RC4_128 and
the comma that follows it from this entry, and then restart the Connection Server, security server, or
View Agent machine, as the case may be.
For View Composer and View Agent Direct-Connection (VADC) machines, you can enable RC4 by adding
the following to the list of ciphers when you follow the procedure "Disable Weak Ciphers in SSL/TLS for
View Composer and View Agent Machines" in the View Installation document.
TLS_RSA_WITH_RC4_128_SHA
Reducing MIME Type Security Risks
By default, View sends the header x-content-type-options: nosniff in its HTTP responses to help prevent
attacks based on MIME-type confusion.
You can disable this feature by adding the following entry to the file locked.properties:
x-content-type-options=OFF
Mitigating Cross-Site Scripting Attacks
By default, View uses the XSS (cross-site scripting) Filter feature to mitigate cross-site scripting attacks
by sending the header x-xss-protection: 1; mode=block in its HTTP responses.
You can disable this feature by adding the following entry to the file locked.properties:
x-xss-protection=OFF
Content Type Checking
By default, View accepts requests with any declared content type except for connections to View
Administrator.
To restrict the content types that View accepts, add the following entry to the file locked.properties:
acceptContentType.1=content-type
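
The following audit is an added example, not VMware code: it reads the text of java.security and locked.properties and reports the weakened settings described in the SSLv3, RC4, and HTTP header sections above. The function names and sample file contents are constructed; it assumes key=value entries with backslash line continuation and follows this page's description of which entries enable SSLv3 and RC4.

```python
# Constructed sample file contents (not taken from a real View installation).
HARDENED_JAVA_SECURITY = r"""
jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
jdk.tls.legacyAlgorithms= \
    K_NULL, C_NULL, M_NULL, \
    RC4_128, RC4_40
"""
WEAKENED_JAVA_SECURITY = r"""
jdk.tls.disabledAlgorithms=DH keySize < 768
jdk.tls.legacyAlgorithms= \
    K_NULL, C_NULL, M_NULL, \
    RC4_40
"""
WEAKENED_LOCKED = "x-content-type-options=OFF\nx-xss-protection=OFF\n"

def parse_properties(text):
    """Parse key=value properties text, joining backslash-continued lines."""
    props, pending = {}, ""
    for raw in text.splitlines() + [""]:  # trailing "" flushes a dangling continuation
        line = raw.strip()
        if not pending and line[:1] in ("#", "!"):
            continue  # comment line
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        entry, pending = pending + line, ""
        if "=" in entry:
            key, _, value = entry.partition("=")
            props[key.strip()] = value.strip()
    return props

def algorithms(value):
    """Split a comma-separated algorithm list into a set of trimmed entries."""
    return {item.strip() for item in value.split(",") if item.strip()}

def audit(java_security_text, locked_properties_text):
    """Return one finding per setting this page describes as weakening View."""
    sec = parse_properties(java_security_text)
    locked = parse_properties(locked_properties_text)
    findings = []
    if "SSLv3" not in algorithms(sec.get("jdk.tls.disabledAlgorithms", "")):
        findings.append("SSLv3 enabled: not listed in jdk.tls.disabledAlgorithms")
    if "RC4_128" not in algorithms(sec.get("jdk.tls.legacyAlgorithms", "")):
        findings.append("RC4 enabled: RC4_128 not listed in jdk.tls.legacyAlgorithms")
    for header in ("x-content-type-options", "x-xss-protection"):
        if locked.get(header, "").upper() == "OFF":  # case-insensitive match is an assumption
            findings.append(header + " header disabled in locked.properties")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WEAKENED_JAVA_SECURITY, WEAKENED_LOCKED)))
```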