Thin Client solutions

Alvin Oga alvin at Mail.Linux-Consulting.com
Mon Oct 24 18:57:35 PDT 2005 

hi ya brian

On Mon, 24 Oct 2005, Brian Street wrote:

> I'm tasked with trying to come up with a Thin Client Windows solution
> for a new venture in a foreign country.

sounds like fun ... if its a paying job
 
> The solution should allow users access to data, but not to be able to
> save locally as in hard disk, floppy, cd, or USB drive.
> All of the data will be located on a server.

good idea for security and/or less headaches of managing user's data .. 

i assume a CF inside is not acceptable ?? 
	- but people can write to it .. which may be bad
	for the same reason that usb and cd is banned

> Some further requirements at this
> stage is to disallow sending any data through {web,e}mail but I'm not
> sure how feasible that is.

that will be harder to prevent ... too too many ways to 
send data out or get it 

- lot easier to stop outgoing data ... just simply disallow
  outgoing connections with a simple firewall
	- if you cannot send outgoing email .. you cannot
	send data with outgoing attachments

	- if you cannot serve web pages .. you cannot
	send data over http

	- all other ftp/ssh/etc ports are all closed

- you can view web pages .. you can read emails ??

	which means they can piggy-back data onto those connections
	and no way to stop it  ... 

	you can drop the attachments but the "important data" can still
	go out or come in with the content of html or emails

		login is "Thief", and password is "easy"
		
> One solution is to not have the server/clients connected to the
> internet at all with separate computers for internet access.

all internal PCs shoudl go throw the firewall/gateway, but means
they can play with those servers and try to get out 

> I'm familiar with Citrix but does anyone have any other possible
> solutions I can look into?

network boot will prevent all the "media" needed for booting
and will not have any storage for legit users or crackers 

> Thanks in advance for any insight you may be able to provide.

the bigger problem is what is the budget for implementing the "wish list"
and why is important vs what is the consequence of a packet
of data sneaking thru 

c ya
alvin

More information about the Baylisa mailing list