[PLUG] Thin Client Security
Brian Hoag
bjh at avalongroup.net
Tue Dec 10 22:39:08 UTC 2002
Isn't this true of all network types? If you compromise the security of
the network, why does it matter what client type you use. If you
already have access to the server, you could easily get password and
user info. Maybe I do not understand the question here, but in my
opinion, this shouldn't be considered a liability of the K12LTSP
project. Correct me if I'm wrong please.
--Brian
-----Original Message-----
From: plug-admin at lists.pdxlinux.org
[mailto:plug-admin at lists.pdxlinux.org] On Behalf Of Cooper Stevenson
Sent: Tuesday, December 10, 2002 10:27 AM
To: lug at peak.org
Cc: PLUG Mailing List
Subject: [PLUG] Thin Client Security
All,
When discussing the K12LTSP project yesterday and it's benefits, I was
asked about the server side security.
Specifically, is there a mechanism in place to prevent an attacker from
putting a ``fake'' server on the subnet that the clients look for?
In other words, let's say that a thin client sends a Bootp broadcast on
the network. What's to stop a hacker from plugging in a false server and
intercepting client requests?
Of course the attacker would have had to have compromised a `real'
server to gain login information, etc. to make this work and it would
likely be discovered very quickly, but still...
-Cooper
_______________________________________________
PLUG mailing list
PLUG at lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
More information about the PLUG
mailing list