Firewall Wizards mailing list archives
RE: Worms, Air Gaps and Responsibility
From: "Mike McNutt" <mike.mcnutt () aqssys com>
Date: Mon, 10 May 2004 15:27:56 -0500
-----Original Message----- From: Gwendolynn ferch Elydyr [mailto:gwen () reptiles org] Sent: Monday, May 10, 2004 2:48 PM To: Mason Schmitt
[...]
On Mon, 10 May 2004, Mason Schmitt wrote:A recent SANS webcast talked about using true thin clienthardware orterminal server clients (and equivalents such as citrix, X, etc) for providing remote users or risky users access to document stores, and other LAN resources. I think that using a thin client as a security tool is a great idea.Heh. What do they say? "Everything old is new again"? For the terminal server hardware, I've got a bit less to say [but are you -sure- where that image came from?] - but in the case of the
Are you suggesting that someone/something can hijack a thin-client connection and provide [accurate-in-terms-of-user-interaction] *false* images of the remote system? Wow. Never actually thought of that, myself. At first glimpse, the effort seems daunting (but I guess anything is possible).
software thin clients, you're -still- running on a platform with unknown security, and reaching into the enterprise.
Care to expand on: "running on a platform with unknown security"? Are you talking about the thin-client "client application" itself?
Thin clients also don't address the question of having a box with a live connection to the Internet and your enterprise - it just moves it around.
What exactly is the "question" related to having a box on the Internet that you are referring to? It sounds like you are poo-pooing remote users' use of the Internet for connectivity to the office because the office has to maintain a connection to the Internet... Is that bad? Or is it *potentially* bad?
The thin client gets around this headache nicely.... and gets you back into a different set of headaches - provisioning servers and links that are sturdy enough to handle a pile of remote connections.
... Which puts the resolution back in the hands of the administrator, so he/she at least has a chance of addressing/rectifying the problem. I'll take that headache any day over the headche of reviewing/patching/protecting my systems from the infected ones. Not like there is actually a choice, though. I don't understand what point you are trying to make here; thin clients like Citrix or TS (I can't speak to X) certainly have a productive role for remote users and currently offer some real advantages over security concerns of other approaches. It's the functionality vs. security arguement; you must assess the risk before making your choice, and thin-clients provide an awful lot of functionality for the security risk. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Worms, Air Gaps and Responsibility, (continued)
- RE: Worms, Air Gaps and Responsibility Thomas W Shinder (May 07)
- Re: Worms, Air Gaps and Responsibility Devdas Bhagat (May 07)
- Re: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 07)
- Re: Worms, Air Gaps and Responsibility Devdas Bhagat (May 07)
- Re: Worms, Air Gaps and Responsibility Devdas Bhagat (May 07)
- RE: Worms, Air Gaps and Responsibility R. DuFresne (May 07)
- RE: Worms, Air Gaps and Responsibility R. DuFresne (May 07)
- RE: Worms, Air Gaps and Responsibility Thomas W Shinder (May 07)
- RE: Worms, Air Gaps and Responsibility Melson, Paul (May 07)
- Re: Worms, Air Gaps and Responsibility Adam Shostack (May 07)
- Message not available
- RE: Worms, Air Gaps and Responsibility Marcus J. Ranum (May 07)
- RE: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 10)
- RE: Worms, Air Gaps and Responsibility Victor Williams (May 11)
- RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 12)
- RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 13)
- RE: Worms, Air Gaps and Responsibility Dana Nowell (May 17)
- RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 17)
- RE: Worms, Air Gaps and Responsibility Dana Nowell (May 17)