Thin Client Security: Wise up!

3 Wise Monkeys
Thin Clients are an obvious choice for connecting users to the Cloud. In theory it's a minimal attack surface. Amongst other things, diskless clients nicely sidestep the “data at rest” protection issues.

So why do some thin client vendors just not “get” these 3 things:

  • Security people expect you to provide a secure, vendor-independent method for thin client OS updates. FTP for software updates took its place in the infosec “wall of shame” a while back. Ditto DHCP.
  • Bragging that your unpublished API makes your thin client OS secure loses you so much credibility. A hint: you will want to engage a qualified 3rd party to “flex” your API in the same way an adversary would.

…with an unpublished API, Wyse Thin OS is one of the most secure operating systems on the market.

With 128MB of Flash, insecure update methods and an “unpublished API”, I’d say that makes you a target.

Written on April 18, 2008 by Craig Balding