Thin Client Security: Wise up!
2008-04-18 23:36:44 by Craig Balding in Cloud Security
 

Thin Clients are an obvious choice for connecting users to the Cloud. In theory it's a minimal attack surface. Amongst other things, diskless clients nicely sidestep the “data at rest” protection issues.

So why do some thin client vendors just not “get” these 3 things:



  • Security people expect you to provide a secure, vendor-independent method for thin client OS updates. FTP for software updates took its place in the infosec “wall of shame” a while back. Ditto DHCP.
  • Bragging that your unpublished API makes your thin client OS secure loses you so much credibility. A hint: you will want to engage a qualified 3rd party to “flex” your API in the same way an adversary would.

“with an unpublished API, Wyse Thin OS is one of the most secure operating systems on the market.”

  • With 128MB of Flash, insecure update methods and an “unpublished API”, I’d say that makes you a target.
 
 
 
 
 
 