Q-CERT Intern Completes Two Projects for the Price of One

August 11, 2008

Fatma Al-ansari was hired as an intern at Q-CERT to investigate the performance characteristics of so-called "thin clients." Some researchers believed that thin clients have the potential to revolutionize the information security landscape because they shift the burden of securing the computing infrastructure away from the end user and onto the IT staff, who are much better equipped to bear that burden. Because most of the computing is done on the server instead of the client, the thin client paradigm greatly reduces the risk profile of the organization, simplifies management of the infrastructure, and lowers electricity costs. Q-CERT is also interested in using thin clients as a courseware delivery mechanism.

Ms. Fatma used the Linux LTSP thin client implementation to verify earlier research showing that the major obstacle to using thin clients arises when many clients need to initialize their systems at the same time. In that situation, there is a lot of resource contention, and the system grinds to a halt.

Not satisfied with just one project, Ms. Fatma went on to investigate the usability of Single Packet Authorization (SPA), a recent innovation that makes internet services invisible to unauthorized parties. Currently, internet services announce their availability by responding to requests on a specific "port" (port 80 for web sites, port 22 for remote access, etc.). Malicious individuals routinely exploit this mechanism by scanning for ports that have services watching them and then attacking those services. SPA hides the service behind a firewall and opens that firewall only to requests that come with encrypted authentication credentials—an elegant, lightweight solution to an enormous security problem.