
The Good, the bad, and the ugly of Thin Client/Server Computing

Dec 16, 2014

This presentation discusses the features, benefits, advantages and disadvantages of using Thin Client/Server technology as an IT Security strategy. The full discussion of Thin Client/Server technology as a security solution may be found at http://www.theintegralworm.com/security.html .
Transcript
Page 1: The Good, the bad, and the ugly of Thin Client/Server Computing

Sources: www.thinclient.net, www.v-one.com

The Good, the Bad, and the Ugly of Thin Client/Server Computing

Page 2

Source: www.thinclient.net

What is Thin Client/Server Based Computing?

Definition: “Thin Client”

The user application is executed on the server and displayed on the client system.

A thin client terminal need only have sufficient power to render the display of the user session.

Page 3

Source: www.thinclient.net

How is this Different from Mainframe Computing?

It isn’t, for the most part. The only differences are:

When it is said that an application is running “Thin Client” or “Server Based”, it merely refers to graphical MS Windows applications versus text-based mainframe applications.

Ex: MS Office, WordPerfect, Lotus Notes, Netscape… all apps using the familiar GUI from MS Windows.

Page 4

Source: www.v-one.com

How is this Different from Mainframe Computing? (cont’d)

Applications run on powerful centralized servers accessing centralized data stores.

The applications run on multi-user systems.

Allows users to access applications from PCs and Thin Client terminals with software that provides a virtual desktop.

Page 5

Sources: www.thinclient.net, www.v-one.com

Benefits of Thin Client/Server Computing

Ability to access any application from any device, anywhere, over any connection.

Eases processing burden on the client’s CPU.

Reduces data transmission lags inherent to remotely connected users.

Page 6

Source: The Harvard Computing Group

Security Benefits in Thin Client/Server Computing

No threat of virus introduction because there’s no floppy drive or CD-ROM drive.

Lack of floppy drive prevents the use of “User ID/Password cracking software.”

Anti-virus software and virus definitions are maintained on the server.

Virus propagation minimized without local hard drive.

Creates a central control of the user environment.

Page 7

Source: The Harvard Computing Group

Security Benefits in Thin Client (1)

Does not allow for document storage on a local device, ensuring proper access control and backup.

No data storage on terminal, reducing risk of inappropriate access to confidential data.

Reduced hacking by casual users.

Reduced risk of damage to more expensive hardware.

Page 8

Source: The Harvard Computing Group

Security Benefits in Thin Client (2)

Business Continuity:

Stems from the server-based storage of data and software.

It is literally possible to interrupt an application session and resume the same session from a different physical location on another client.

The interrupted session will resume in exactly the same place with the same data on the screen.

A Thin Client screen displays the results of application processing that happens at the central site; therefore, physical location is irrelevant.

Page 9

Source: The Harvard Computing Group

Security Benefits in Thin Client (3)

Web browser and server software patches and upgrades are only necessary on the server(s), thereby upgrading all clients automatically.

Significant because a majority of security breaches in the past have been through web browsers and servers.

Upgrading servers only reduces time lag in having the latest security patches up and running.

Page 10

Security Risks with Thin Client (1)

Data centers must be fully equipped to deal with both remote and central site problems.

Local web browsers contain a local memory or cache of recently accessed web pages that, if not removed, will allow access by hackers into the system.

Page 11

Security Risks with Thin Client (2)

Physical Security:

Becomes a prime issue because everything is centralized within one central location.

An increased need for Guns, Guards, and Gates.

Page 12

Security Risks with Thin Client (3)

Email:

“Email security must be addressed through the overall IT strategy and still remains a potential leak for confidential data.” (Newburn 8)

Page 13

Security Risks with Thin Client (4)

User ID’s and Passwords:

This is an ongoing problem even with education and review of security in mandated workshops.

Not unusual to find a "Post-It" note attached to a computer or keyboard.

Page 14

Security Risks with Thin Client (5)

Wireless Devices:

Minor challenge for someone with knowledge and suitable hardware such as a wireless protocol analyzer or a laptop equipped with a wireless access card to intercept vital transmissions.

It is of no consequence even if transmissions are within the bounds of the facility because an employee, service contractor, janitor, or other member of the community who has permission to enter the premises can perform snooping or capture network data with a properly equipped PDA (Personal Digital Assistant).

Page 15

Source: Wireless Security Workshop, UMBC

Security Risks with Thin Client (6)

Wireless Devices:

‘Most wireless products conform to the 802.11b encryption standard and also offer an optional encryption technology known as Wired Equivalent Privacy (WEP), but this encryption must be specifically turned on and is not part of the default setup of the system.’ (Cirrota)

‘Problem is that WEP is not entirely security proof as it was publicly cracked in 2001.’ (Cirrota)

Page 16

Security Solutions for Thin Client (1)

Major server vendors provide high reliability and fail-over options in their current product lines.

Thin clients that use local browsers are not exempt from the web browser cache problem, but local web browser security settings can be set to eliminate the local cache, eliminating the risk.

Page 17

Security Solutions for Thin Client (2)

Simplest solution is to use server-based browsers that do not have this inherent flaw.

Another solution is to use a software program such as “StayOnline” by stayonline.com that explicitly flushes data from memory-resident cache and also will purge instant messenger-style buddy lists to enhance security.

Page 18

Security Solutions for Thin Client (3)

Local web browsers contain a local memory or cache of recently accessed web pages that, if not removed, will allow access by hackers into the system.

Page 19

Security Solutions for Thin Client (4)

Physical Security:

Security guards should be utilized versus relying on technology.

Technology may be less expensive, but is not completely fool-proof as it is reactive and not pro-active.

Also, in the event of an emergency a human guard can assess the situation and if necessary be the last person to leave in the case of a genuine emergency due to the requirement of having a fail-safe door.

Page 20

Security Solutions for Thin Client (5)

Physical Security: (cont’d)

Doors may be secured with biometrics in order to allow only authorized personnel into the computer room.

Fail-safe doors would have to be employed in order to provide access for anyone within the computer room during a genuine emergency.

Firewalls used for all four sides to prevent entrance through the plenum of the building.

Page 21

Security Solutions for Thin Client (6)

Email:

“Email security will have to be addressed through current means. The current rules of not opening attachments or just securing the email so attachments cannot be accepted will go a long way in securing email.” (Newburn 8)

Page 22

Security Solutions for Thin Client (7)

User ID’s and Passwords:

The use of smart cards: a credit card-sized device containing a microprocessor and memory that can store personal information.

The user inserts the card into the card reader to gain access to the system.

In order to prevent the obvious problem of missing and stolen smart cards, biometric identification may also be applied in order to act as a second level of security.

Page 23

Security Solutions for Thin Client (8)

User ID’s and Passwords: (cont’d)

Best alternatives in biometrics currently are “Iris Scans” or “Thumbprint Scans”.

Iris Scanners: Use a hardware device that scans the user’s eye with regular light and compares the iris color footprint to the scan currently on file. If there is a match, the user is given access. Iris color is unique to every individual and the technology is quite inexpensive at this time due to the falling costs of hardware.

Page 24

Security Solutions for Thin Client (9)

User ID’s and Passwords: (cont’d)

Iris Scanners: (cont’d)

The only way currently to circumvent an iris scan is to either cut the person’s eyeball out or somehow get to the server to alter the iris scan database.

Drawback is that they are rather physically intrusive to users because a person has to set their eye up to a device that performs the scan.

Page 25

Security Solutions for Thin Client (10)

User ID’s and Passwords: (cont’d)

Thumbprint Scanners: Are less obtrusive for users and there’s also less objection by users to using them.

The user places their thumb on the scanner and the image is compared to the scan on file.

Drawback is the manufacture of "Plastic Thumbs" which have the prints of the user, more than likely the CEO.

Page 26

Security Solutions for Thin Client (11)

User ID’s and Passwords: (cont’d)

Thumbprint Scanner: (cont’d)

Other possibility is cutting the person's thumb off, or again altering the database where the thumbprint data is stored.

Page 27

Security Solutions for Thin Client (12)

Wireless Security Solutions:

Inherent problem with encryption technology is that it is computationally intensive. It requires a large number of processor cycles to accomplish the encryption of data.

“The ICA protocol embedded on most thin client devices can encrypt thin client data streams without any noticeable impact on performance because the underlying protocol places minimal requirements on the device.” (Harvard Computing Group 14-15)

Page 28

Security Solutions for Thin Client (13)

Wireless Security Solutions: (cont’d)

‘Wired Equivalent Privacy Protocol, part of the IEEE 802.11b wireless networking standard for encryption, may not necessarily be strong enough, but should not be the exclusive means of protection when data confidentiality is a primary concern say as in a hospital when working with patients’ medical records’ (Cirrota).

Page 29

Future Plans and Prescriptions

The 802.11 standards committee of the IEEE along with several vendors and industry consortia are working diligently to augment or replace WEP.