When it comes to reliability and security,
few people will argue that personal computing is at its peak. And
it really doesn’t matter what operating system or application
software a PC runs; there will always be software flaws with the
potential to cause problems.
Connect a few million PCs installed with buggy,
unmaintained software to a network or the Internet, and you’ve got
a much larger problem. Firewalls protecting corporate networks
help, but even the best firewall can’t stop problems from spreading
inside networks.
For areas where high-security computer access
is a necessity, a centralized approach to access control and
authorization may be the solution.
Many will argue that the mainframe era, despite
the relatively simple character-based user interface, was a better
paradigm for secure and reliable computing. While centralized,
session-based computing that uses character terminals is somewhat
dated, it remains stubbornly reliable, particularly when security
is a more important factor than usability.
However, thin client computing makes it
possible to combine the best of the mainframe terminal approach
with the graphical interface required by modern software. You can
apply thin client concepts to regular computers running specific
software that provides a remote graphical desktop on a centralized
system. A number of different methods and protocols are available,
and the thin client concept, which uses session-based graphical
desktops, offers corporations both security and usability.
Because most wide-scale security incidents
occur on Windows machines, Windows thin clients could play an
important role in an organization’s network. Originally developed
to provide remote Windows access, thin clients’ protocols and
concepts can help companies greatly improve Windows security.
However, I’m not advocating the wholesale
replacement of Windows PCs with thin clients. What I am suggesting
is that thin clients can improve overall security for specific
purposes, especially when it comes to desktop consistency.
Under Windows, thin clients access a central
server for multiple user sessions, and they generally use Citrix
MetaFrame or Windows Terminal Services. These products provide
multiple Windows sessions from one central system, just like the
mainframe paradigm.
The improvement in overall security comes from
not having to constantly maintain a network of hundreds of
Windows-based PCs. Instead, the security focus is now on the main
Windows servers that provide the sessions.
Of course, there are significant drawbacks to
session-based remote desktops, most notably speed. Even across a
fast network, remote desktop access is orders of magnitude slower
than working on a local PC. Therefore, I would argue that thin clients only make
sense in specific situations, particularly when security and access
control are essential (and, of course, when someone needs to access
a Windows desktop from a remote location).
However, remote Windows desktops also offer
benefits in addition to boosting security. It’s generally a good
practice to have a standardized, reproducible desktop in a
corporation, and overall costs of security are generally lower when
there are fewer computers to maintain.
Of course, it’s typically not practical to run
an entire corporation on thin clients. Deciding where and how to
implement thin clients is something that each organization must
figure out, but security and access control should be the deciding
factors.