In this section, we will learn about VMware Cloud Web Security.
VMware Cloud Web Security Capabilities
Talking Points
- VMware SD-WAN is an integral part of the VMware Cloud Web Security.
- VMware Cloud Web Security is a cloud-hosted service that protects users and infrastructure accessing SaaS and Internet applications from a changing threat landscape while providing visibility and control and ensure compliance with Enterprise IT security policies.
- Cloud Web Security implements policy and control in a number of ways depending on Enterprise requirements such as URL filtering, Content Filtering, Anti-Malware, Sandbox Inspection and CASB.
- VMware SD-WAN provides visibility into the applications accessed by the remote mobile users on their devices.
Horizon-Edge Applications
Go to SD-WAN Orchestrator, which you just opened earlier.
On the left menu, in Edges, go to Horizon-Edge > Applications tab.
Traffic details are displayed for applications accessed via virtual desktops. View Past 60 Minutes.
Earlier, from within the TD-WINDOWS10 virtual desktop, you launched the YouTube-hosted Anywhere Workspace SA SASE Pop Demo video in Chrome. This HD video's traffic is routing through SD-WAN and optimizations are being applied to enhance the user experience. Note the spike.
Security Policies
Go to Cloud Web Security > Configure > Security Policies.
A custom Cloud Web Security policy called Horizon-Policy is configured. Within we enabled a Cloud Access Security Broker (CASB) policy to block Dropbox login and facebook.com, a URL filter to prevent access to Gambling sites, a Content Filter to prevent file uploads, and Content Inspection policy to inspect ZIP files.
CASB - View Security Policies
In Security Policies > Horizon-Policy > CASB you'll see Block Dropbox Login and Block Facebook.com policies.
CASB - Blocked Dropbox Login
Open a tab in the Chrome browser and access dropbox.com.
When you try to sign in to Dropbox, the attempt should be blocked. You will briefly see the "forbidden" notification and then the Dropbox sign-in page is presented again. The "forbidden" notification is very fast.
CASB - Blocked Facebook
The Block Facebook.com policy does just that: blocks all navigation to facebook.com.
URL Filtering
A custom URL Filtering policy, Denied Websites, is configured to block access to a number of categories including gambling.
URL Filtering - Blocked Gambling
Launch the Chrome browser and navigate to http://www.gambling.com. Access will be blocked based on the URL filter policy.
Content Filtering
A custom Content Filtering policy, Block File Upload, is configured to block any attempt to upload a file from the Horizon desktop.
Content Filtering - Blocked File Upload
Right click the desktop and create a New Microsoft Word Document on the desktop.
Go to https://gofile.io/uploadFiles.
Attempt to upload the newly created Word document. The upload will be blocked by the Content Filtering policy.
Content Inspection
A custom Content Inspection policy, Inspect Archives, is configured to inspect any downloaded archives or packages.
Content Filtering - Test Policy
Use the Chrome browser to navigate to https://www.eicar.org/. You can copy and paste this URL.
At eicar.org, click on the "download anti malware testfile" image/link.
Content Filtering - Download Zip File
On the next page, scroll down to the download links.
Attempt to download the eicar_com.zip file.
Content Filtering - Archive Blocked
The download of the eicar_com.zip file is detected as malware and is blocked by Cloud Web Security.