Re: Thin-clients: THE Solution to the Security problem

From: Topi Ylinen (topi.ylinen_at_hushmail.com)
Date: 09/05/05

    Date: Mon,  5 Sep 2005 05:25:11 -0700
    To: <security-basics@securityfocus.com>
    
    


    > THE solution? No, it's not always applicable.
    > Is it A solution? Certainly

    That is the gist of the issue.
    How to permanently eliminate attack vectors that target your
    workstations -> get rid of workstations. I guess you could call
    that a solution. 'A solution' to 'a problem'.

    Most real-life security issues fall outside the scope of this
    'solution'. Thin clients will give little or no increased security
    against social engineering, dishonest employees, a fire in the
    server room, DDoS, and so on. In some ways, thin clients could be
    even more vulnerable: for example, an unavailable server could
    prevent *all* work, while your normal desktop PC could allow you to
    continue working locally even when the LAN or a server is down. Not
    to mention that in some organisations, thin clients could be
    technically infeasible.

    There is no single security solution that automatically fits all
    organisations. You need to do a proper organisation-specific risk
    analysis first -- only after that can you appraise the various
    countermeasures and their impacts, and choose the ones that make
    sense in your organisation.

    (However, I do suspect that the original poster was deliberately
    exaggerating the usefulness of the 'solution' in order to provoke
    discussion.)