Thin Client solutions

Jim Kavitsky jkavitsk at Brocade.COM
Mon Oct 24 21:44:55 PDT 2005


You might want to check out these guys. They are the remains of the old
NCD company, that made thin client Xterminal hardware/software. They now
make software that they claim will turn a PC into a secure, easily
managed thin client. I'm not that convinced that a software solution
alone can do this, but you never know, they may have an interesting
design.

http://www.thinpathsystems.com/

-jimk

-----Original Message-----
From: owner-baylisa at baylisa.org [mailto:owner-baylisa at baylisa.org] On
Behalf Of Brian Street
Sent: Monday, October 24, 2005 6:52 PM
To: Alvin Oga
Cc: baylisa at baylisa.org
Subject: Re: Thin Client solutions

Quoting Alvin Oga <alvin at Mail.Linux-Consulting.com>:
>
> hi ya brian
>
> On Mon, 24 Oct 2005, Brian Street wrote:
>
> > I'm tasked with trying to come up with a Thin Client Windows solution
> > for a new venture in a foreign country.
>
> sounds like fun ... if it's a paying job
>

This is for my company. We are going to open an Engineering office.

> > The solution should allow users access to data, but not to be able to
> > save locally as in hard disk, floppy, cd, or USB drive.
> > All of the data will be located on a server.
>
> good idea for security and/or less headaches of managing user's data ..
>
> i assume a CF inside is not acceptable ??
> 	- but people can write to it .. which may be bad
> 	for the same reason that usb and cd is banned
>

I'm sorry...CF?

> > Some further requirements at this
> > stage is to disallow sending any data through {web,e}mail but I'm not
> > sure how feasible that is.
>
> that will be harder to prevent ... too too many ways to
> send data out or get it
>
> - lot easier to stop outgoing data ... just simply disallow
>   outgoing connections with a simple firewall
> 	- if you cannot send outgoing email .. you cannot
> 	send data with outgoing attachments
>
> 	- if you cannot serve web pages .. you cannot
> 	send data over http
>
> 	- all other ftp/ssh/etc ports are all closed
>
> - you can view web pages .. you can read emails ??
>
> 	which means they can piggy-back data onto those connections
> 	and no way to stop it  ...
>
> 	you can drop the attachments but the "important data" can still
> 	go out or come in with the content of html or emails
>
> 		login is "Thief", and password is "easy"
>
> > One solution is to not have the server/clients connected to the
> > internet at all with separate computers for internet access.
>
> all internal PCs should go through the firewall/gateway, but means
> they can play with those servers and try to get out
>
> > I'm familiar with Citrix but does anyone have any other possible
> > solutions I can look into?
>
> network boot will prevent all the "media" needed for booting
> and will not have any storage for legit users or crackers
>
> > Thanks in advance for any insight you may be able to provide.
>
> the bigger problem is what is the budget for implementing the "wish list"
> and why is important vs what is the consequence of a packet
> of data sneaking thru
>
> c ya
> alvin
>

Your points are valid and we've been thinking about them all. What I
am considering is a firewalled network for code development that only
allows connections from specific thin clients (I should be able to
allow only specific mac addresses to connect just like a wireless
node, no?). We are also considering a separate desktop for the users
to check email, internet access, etc. but what prevents them from
just taking the time to copy the data from the isolated network to
the other network. At some point you have to trust that your source
code is safe with your new employees, but I think that might be too
cautious of an approach.

We'd like to limit the access to the code and try like heck to keep it
from getting out....which is a huge task and probably not possible.

Brian.
