Thin Client Security: Wise up!
Thin Clients are an obvious choice for connecting users to the Cloud. In theory, it's a minimal attack surface. Amongst other things, diskless clients nicely sidestep the “data at rest” protection issues.
So why do some thin client vendors just not “get” these 3 things:
- Security people expect you to provide a secure, vendor-independent method for thin client OS updates. FTP for software updates took its place in the infosec “wall of shame” a while back. Ditto DHCP.
- Bragging that your unpublished API makes your thin client OS secure loses you so much credibility. A hint: you will want to engage a qualified 3rd party to “flex” your API in the same way an adversary would.
“with an unpublished API, Wyse Thin OS is one of the most secure operating systems on the market.”
- With 128MB of Flash, insecure update methods and an “unpublished API”, I’d say that makes you a target.

Apr 21st, 2008 at 6:34 pm
[…] Storage that combines Salesforce.com and Amazon’s Simple Storage Service. In another entry he offers some advice to thin client […]