Evaluating thin client_security



IT@Intel White Paper
Intel Information Technology
Business Solutions
April 2010

Evaluating Thin-Client Security in a Changing Threat Landscape

Toby Kohlenberg, Senior Information Security Specialist, Intel IT
Omer Ben-Shalom, Principal Engineer, Intel IT
John Dunlop, Enterprise Architect, Intel IT
Jerzy Rub, Information Risk and Security Manager, Intel IT

Executive Overview

Intel IT’s security team continually analyzes our computing model to determine how it needs to evolve in response to an ever-changing threat landscape. Recent cyber-attacks on a number of high-profile targets provided added impetus to re-evaluate the security offered by thin-client models and whether using thin clients could help defend against similar attacks.

We identified five attributes that are often perceived as security benefits in thin clients: prevention of physical data loss, removal of administrative privileges, limitations on installed applications, client integrity, and ability to roll back to a known good state.

We determined that while these controls can contribute to a more secure environment, they would not have prevented the recent cyber-attacks from being successful.

Furthermore, we also observed that these controls are not unique to thin clients: Equivalent controls can be, and are, implemented on PCs—without giving up the functionality that is sacrificed with the thin-client model. Where such controls have not been implemented holistically on either thin clients or PCs, the reason is often because they place unacceptable restrictions on user productivity, not because of the client architecture.

We also considered other restrictions and costs of thin clients, including the inability to support mobile computing, highly interactive or compute-intensive applications, and rich media such as video. Thin clients also require significant additional server capacity and network bandwidth. Some thin-client models can also increase the risk of business disruption if an outage occurs within the central network resources upon which the thin client depends.

Based on our analysis, we see thin clients as suitable for some niche uses. However, Intel’s environment is 80 percent mobile, and most of Intel’s users require the functionality and flexibility of mobile business PCs. Mobile business PCs also position us to take advantage of emerging technology trends and service delivery models.

Contents

Executive Overview
Background
Client Security Analysis
  Security Controls Typically Associated with Thin Clients
  Mitigation Value of These Controls
  Availability of Security Controls on PCs
  Thin-Client Security Concerns
Security In An Evolving Threat Landscape
Meeting Intel’s Enterprise Needs
Future Positioning
  Dynamic Virtual Client
Conclusion
For More Information
Acronyms

IT@INTEL

IT@Intel is a resource that enables IT professionals, managers, and executives to engage with peers in the Intel IT organization—and with thousands of other industry IT leaders—so you can gain insights into the tools, methods, strategies, and best practices that are proving most successful in addressing today’s tough IT challenges. Visit us today at www.intel.com/IT or contact your local Intel representative if you’d like to learn more.

BACKGROUND

Intel IT supports a very large enterprise environment, with about 83,500 employees spread across 61 countries. Intel depends on its employees for business innovation that enables the company to grow and continue to create a competitive advantage. To foster this innovation, Intel IT provides about 80 percent of employees with mobile business PCs.

The cyber threat landscape has been rapidly evolving, with an increasing shift towards zero-day attacks, which target previously unknown vulnerabilities within hours of discovery. Some recent attacks on other high-profile Web sites have exploited previously unknown vulnerabilities in common client software such as Web browsers.

Intel IT’s security team continuously monitors this threat landscape and regularly analyzes how our business and compute models match up against it. Recent cyber-attacks on some high-profile targets caused us to re-evaluate the security offered by the thin-client model. We also wanted to investigate whether thin clients could help defend against similar attacks in the future.

After analyzing these thin-client attributes, we examined whether similar controls can be applied to PCs. Then we considered our findings from the perspective of the overall Intel IT client strategy, taking into account enterprise user needs and emerging technology trends.

CLIENT SECURITY ANALYSIS

We analyzed security controls commonly associated with thin clients along with their value in the evolving threat landscape. We assessed whether they would have prevented or mitigated targeted zero-day attacks such as the recent exploits at other high-profile Web sites. We then analyzed whether similar controls can be applied to PCs.

Security Controls Typically Associated with Thin Clients

We identified five main attributes that are commonly perceived as security advantages in thin clients:

• Physical data loss prevention. With thin-client models, storage is restricted to the data center, reducing the risk of physical data leaks. In addition, thin clients often lack ports for attaching external media or USB memory sticks, further reducing the ability to copy data directly from the client.
• Non-privileged users. User administrative privileges are removed, reducing the ability of exploits to change system files and settings.
• Restrictions on user-installed applications. Users are not able to install additional applications that would enlarge the attack surface of the client machine or infect the system with malware.
• Client integrity. All clients are maintained in a consistent state, based on a known configuration baseline. New patches can be rapidly and consistently applied by patching server-based images.
• Ability to roll back to a known good state. With thin clients, this can often be achieved by rebooting or reloading previous versions of a single virtual container file.

Mitigation Value of These Controls

We found that while these controls can contribute to a more secure environment, they would not have provided significant overall protection in the recent zero-day attacks.

• Centralized data storage. Traditionally, data theft involved using a device to copy data physically stored on the system. However, today’s thefts typically take place over networks, as shown in Figure 1. The restrictions imposed by thin clients do nothing to prevent this. All thin clients have fast network connections and most have Internet connections. Attackers can use these fast networks to rapidly transmit data from the server through the firewall.
• Non-privileged users. Removing users’ administrative rights may reduce the impact of an infection and make it more difficult for malware to spread to new systems. However, it cannot always prevent the initial compromise, and unless extreme restrictions are imposed, attackers may still be able to avail themselves of users’ remaining privileges to gain access to other systems and any data to which the user has access. Furthermore, removing users’ administrative rights has no protective effect if the exploited service is running as a system process rather than as a user process.
• Restrictions on user-installed applications. These restrictions can help if they prevent installation of non-essential applications that could be targeted. However, recent exploits have targeted ubiquitous, essential applications such as Web browsers. Furthermore, it is much more difficult to restrict users’ access to malicious Web sites or prevent them from running undesirable Web services than it is to prevent them from installing software on a business PC.
• Client integrity. Applying consistent, up-to-date patches is generally easier with a centralized image, as used in the thin-client model. However, it would not have prevented the attacks, because zero-day attacks target previously unknown vulnerabilities.
• Ability to roll back to a known good state. Rolling back the client system using a server-based client image would not have helped in recent attacks. The initial compromise provided access to Web-based services and accounts, and rolling back the system after the compromise would not have removed this access. In addition, since the attack exploited an unknown vulnerability, the system could have been just as easily recompromised.

Figure 1. Thin clients can help prevent physical theft of data from clients; however they do not prevent theft over networks. (Panels: “Modern Thief: Using thin clients does not prevent theft of data over networks.” and “Traditional Thief: Physical intellectual property theft can be prevented in some cases by using thin clients.”)

Availability of Security Controls on PCs

We determined that we could, and indeed do, provide equivalent controls on PCs—without giving up the functionality lost with the thin-client model. We have not implemented these controls holistically, but we have used individual controls where appropriate.

To prevent physical data theft, Intel uses full disk encryption and enterprise rights management tools. These methods can be supplemented with global domain policies or physical system modifications to lock down, encrypt, or restrict the use of USB memory and other external storage devices. In addition, folder redirection can be used to store data in the data center, either exclusively or as a mirror of the data on the client. The latter approach supports mobile computing.

The decision about whether to assign administrative rights to users is not specific to thin-client models. Many tools are available to remove the administrative privileges of mobile business PC users. If requirements dictate that PC users receive administrative rights, third-party software packages can be used to manage these rights and to restrict users from installing applications or carrying out other activities unless each action is specifically permitted by IT administrators. Intel uses multiple methods to restrict administrative access and users’ rights.

Centralized management of a common OS or application image is not unique to thin-client computing. For example, streaming allows centrally managed OS and application images to be shared by multiple desktop PCs, and anticipated future capabilities include centrally managed virtualized clients that are downloaded to users’ PCs. In addition, technologies from several companies can be used to implement system rollback on business PCs. Intel maintains standard, centrally managed system and application images. These are updated regularly and used whenever rollback is necessary.

Intel IT currently is able to quickly deploy patches to maintain client integrity, and the most time-consuming aspect of the process is testing and validation of a new patch, not actually deploying it; the time required to test and approve would not change in a thin-client environment. With PCs, patches can be rolled out in waves to increasing numbers of users to mitigate potential problems introduced with the patches; updating all clients at once can itself be a risk.

Thin-Client Security Concerns

There are also security concerns related to the thin-client model. Centralizing applications and data also centralizes the threat: A network of thin clients provides many access points to servers storing shared data and applications, with the associated risk that compromise can affect the entire IT infrastructure. Some thin-client models can also increase the risk of business disruption if an outage occurs within the central network resources upon which the thin client depends.

Centralizing all data, including personal data, introduces new privacy concerns, with an increased risk of infringing government regulations in some countries. Thin-client models can also have unintended consequences for data leakage; for example, we have found that users of thin clients are more likely to print paper copies of information that can then be disclosed to unauthorized parties.

To respond to a security breach, security professionals need to know which systems were compromised and when the compromise first occurred. In fact, preservation of such evidence is mandated in some cases. Rolling a thin-client system back to a known good build, by rebooting from a server-based image, may actually have the negative effect of destroying this vital evidence on the client.

SECURITY IN AN EVOLVING THREAT LANDSCAPE

As the threat landscape mutates toward targeted zero-day attacks, we need to adapt by taking a different approach to security. In this landscape, IT security professionals need to assume that clients are vulnerable—whether they are PCs or thin clients.

Frequently, attackers use custom malware; this is unlikely to be detected or prevented using traditional methods. Attacks typically focus on ubiquitous components that exist on both PCs and thin clients, such as essential business applications, the OS, or parts of cloud-based services.

Detection requires more sophisticated behavioral analysis for user access and rights utilization, including a more balanced mix of detective and corrective controls.

Both types of controls may actually be easier to implement using new platform technologies—such as Intel® Virtualization Technology (Intel® VT-x), Intel® Virtualization Technology for Directed I/O (Intel® VT-d), and Intel® Trusted Execution Technology (Intel® TXT)—or separate physical hardware rather than a shared virtualized server-based environment, which is what the thin-client model essentially uses.

For example, an attack originating within one virtual machine (VM) running on a server may target another VM on that same server in what is known as a VM escape.
Reliable preventative and detective controls, analogous to network or host-based intrusion prevention systems (NIPS or HIPS), do not yet exist in the VM management layer to help protect against this sort of attack. By distributing the execution of the VMs to separate client devices, or using technologies on the platform to provide the hardware isolation, the risk of this sort of attack is greatly diminished.

MEETING INTEL’S ENTERPRISE NEEDS

After determining that thin clients would not have prevented the recent zero-day industry attacks—and that similar security controls can be implemented with PCs—we analyzed which clients best fit Intel’s current and future enterprise needs. This analysis was based on business requirements and technology trends as well as corporate security concerns.

We found that mobile business PCs support the widest range of uses and therefore meet the requirements of most Intel employees.

Locally installed applications, combined with local processing power, provide users with increased flexibility to work anywhere, including locations without network access. This also means users retain some computing capabilities in the event of a disaster. Mobile PCs support compute-intensive applications and rich media for communication, including video and Voice over IP (VoIP), collaboration, training, and research. Users can run a wider choice of software applications, including business applications as well as some personal applications (Intel, like many other companies, permits reasonable use of corporate resources in this way).

Another important advantage of mobile business PCs is that they support all service delivery models. Our strategy includes a growing number of services delivered from internal and external clouds, and we are exploring new delivery models such as application streaming. Equipping users with mobile business PCs means they can run any mix of these models while continuing to use conventional locally installed applications, as shown in Figure 2.

In contrast, thin clients have significant limitations. Often, there is limited support for mobile computing or working offline, and users cannot effectively run bandwidth-, graphics-, or compute-intensive applications.

Figure 2. Mobile business PCs can support all emerging service delivery models while continuing to run conventional locally installed applications. (Panels: External Cloud, Internal Cloud, Service Delivery Models, Mobile Business PC.)

Our analysis has also shown that thin clients require significant additional server capacity, as well as increased bandwidth across the network supporting the connected users.

Because of these limitations, we have determined that thin clients may be suitable for only specialized use cases, such as call center terminals, shared kiosks, or manufacturing controllers. However, for these use cases, our analysis suggests that OS streaming to PCs may be a better fit for us than using thin clients. This is because PCs execute their workloads locally, providing greater responsiveness and a better user experience; also, less server and network capacity is required.

FUTURE POSITIONING

Looking forward, our client strategy must continue to keep pace with security requirements, enhance employee productivity, and reduce IT costs. At the same time, we need to manage added complexities such as an increasing number of devices per user, a diversification of form factors, and the adoption of consumer technologies within the enterprise.

We plan to take advantage of new technologies, computing models, and service delivery methods to reconcile these seemingly conflicting requirements. We are planning a segmented approach that includes a range of client solutions that fit the needs of different enterprise users.

Dynamic virtual client (DVC) is one option we are considering. See “For More Information” at the end of this paper for discussions of other solutions.

Dynamic Virtual Client

DVC—a virtualized PC environment delivered on demand to clients running native (Type 1) high-security hypervisors—is a key element of our client strategy. This solution is shown in Figure 3. We believe DVC will deliver several advantages, including device-independent mobility. Users should be able to download and run their virtual containers on a variety of client hardware, with better separation of business and personal workspaces on the same system.

Figure 3. Intel IT is investigating a dynamic virtual client (DVC) solution. (Layers shown: Cloud Computing, Client, Native Hypervisor, Platform Hardware.)

For specialized niche uses where it is feasible to implement all the required controls, we are considering OS streaming to provide high-availability, fully managed, and tightly controlled desktop PCs. Streaming to PCs allows us to reap the benefits of centralized management, with server-based OS images shared among many desktops, without the performance sacrifices associated with thin clients. With PCs, the workload executes locally, providing better performance; also, less server and network capacity is required.

CONCLUSION

We determined that while the controls often associated with thin clients can contribute to a more secure environment, they would not have provided protection against recent zero-day attacks. In addition, these controls are not unique to thin clients: They can be, and are, implemented on PCs using other methods, without giving up the functionality that would be sacrificed with the thin-client model.

Taking into account functionality and performance as well as enterprise security, we have found that mobile business PCs support the widest range of uses and therefore meet the requirements of most Intel employees. Because mobile business PCs support all emerging service delivery and computing models, they also position us for the future. The limitations of thin clients make them suitable only for specialized niche uses in our environment.

FOR MORE INFORMATION

Find additional IT@Intel white papers at www.intel.com/IT.

• “Enabling Device-Independent Mobility with Dynamic Virtual Clients”
• “Better Together: Rich Client PCs and Cloud Computing”
• “Developing an Enterprise Client Virtualization Strategy”
• “Improving Manageability with OS Streaming in Training Rooms”

ACRONYMS

DMA          direct memory access
DVC          dynamic virtual client
HIPS         host-based intrusion prevention system
NIPS         network intrusion prevention system
SaaS         software as a service
Intel® TXT   Intel® Trusted Execution Technology
Intel® VT-d  Intel® Virtualization Technology for Directed I/O
Intel® VT-x  Intel® Virtualization Technology
VM           virtual machine
VoIP         Voice over IP

For more straight talk on current topics from Intel’s IT leaders, visit www.intel.com/it.

This paper is for informational purposes only. THIS DOCUMENT IS PROVIDED “AS IS” WITH NO WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR ANY PARTICULAR PURPOSE, OR ANY WARRANTY OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. Intel disclaims all liability, including liability for infringement of any proprietary rights, relating to use of information in this specification. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted herein.

Intel, the Intel logo, and Intel vPro are trademarks of Intel Corporation in the U.S. and other countries.

* Other names and brands may be claimed as the property of others.

Copyright © 2010 Intel Corporation. All rights reserved.

Printed in USA. Please Recycle. 0410/JLG/KC/PDF 322970-001US