The advent of thin client, diskless PCs appear to offer IT Managers a cheap and effective solution to the problem of managing a large estate of desktop PCs and the associated security risks, making thin clients an attractive solution. However research for this paper has revealed that these devices can introduce new risks to the network.
For this paper NCC Group Secure Test have performed an independent security evaluation of several popular thin client devices to understand the potential risks and feasibility of an attack to organisations who have adopted thin client technologies. Through this research we have identified a number of common vulnerabilities that consistently affect the devices.
The paper will also demonstrate that despite being marketed as secure alternatives to desktop estates, thin client devices suffer from just as many “out of the box” security issues as desktop software packages.