Thin Client Virus Vulnerability Analysis HP Compaq t5000 Thin Clients



Similar documents
Thin Client Virus Vulnerability Analysis

Printing and Imaging Support on HP Compaq Thin Clients

Quick Start to Evaluating. HP t5630w, HP t5730w, HP gt7720

Embedded Operating Systems Selection Guide

Server based computing An introduction to server based computing, its advantages and how it works.

Quick start to evaluating HP Windows Embedded Standard 2009 Thin Clients. HP t5630w, HP t5730w, HP t5740, HP gt7720

How To Use The Enhanced Write Filter On Windows Xp Embedded (Dota) With A Powerbook (Dot) And Powerbook 2 (Windows Xp) With An Overlay (Powerbook) With The Write Filter (Wfmgr) On A

HP Thin Client Imaging Tool

Firmware security features in HP Compaq business notebooks

HP Thin Clients Flash/SSD Selection

HP ThinPro. Table of contents. Connection Configuration for RDP Farm Deployments. Technical white paper

QuickSpecs. HP Device Manager

HP Compaq dc7800p Business PC with Intel vpro Processor Technology and Virtual Appliances

HP 8-GB PC (DDR MHz) SODIMM

HP Service Manager Architecture and Security HP Software-as-a-Service

Sharing Pictures, Music, and Videos on Windows Media Center Extender

ThinPrint.print Server Engine installation and architecture

HP Notebook Hard Drives & Solid State Drives. Identifying, Preventing, Diagnosing and Recovering from Drive Failures. Care and Maintenance Measures

QuickSpecs. HP Data Protector Express Single Server Edition 4.0 Service Pack 1 Overview

SSL VPN Technology White Paper

Windows Remote Access

WhitePaper THIN CLIENTS

HP Security Solutions for Microsoft

Protecting Content and Securing the Organization Through Smarter Endpoint Choices

HP Data Protection. Business challenge: Resulting pain points: HP technology solutions:

HP Business Service Management

THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY COMPANY.

Bluetooth Pairing. User Guide

HP Smart Array 5i Plus Controller and Battery Backed Write Cache (BBWC) Enabler

Virtual Desktop Infrastructure

Symantec AntiVirus for Network Attached Storage Integration Guide

Using HP System Software Manager for the mass deployment of software updates to client PCs

HP Device Manager 4.6

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

FTP Image Update for HP Linux Thin Clients

HP Security Assessment Services

Using HP StoreOnce Backup systems for Oracle database backups

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak CR V4.1

How to use Data Protector 6.0 or 6.10 with Exchange Recovery Storage Groups to restore a single mailbox

Citrix XenDesktop Architecture and Implementation on ProLiant Servers

Using HP StoreOnce Backup Systems for NDMP backups with Symantec NetBackup

Creating and Restoring Images on the HP Thin Client with Altiris Deployment Server v6.5

Installing and Configuring HP Remote Desktop Protocol (RDP) Multimedia and USB Enhancement Software for Linux

HP ThinPro. Table of contents. Enabling RemoteFX for RDP. Technical white paper

Using Integrated Lights-Out in a VMware ESX environment

Wyse Device Manager TM

Managing Security Risks in Modern IT Networks

QuickSpecs. HP Session Allocation Manager Software (SAM v2.3) Overview

HP Virtual Controller and Virtual Firewall for VMware vsphere 1-proc SW LTU

Windows 7 XP Mode for HP Business PCs

Quick Reference Guide for Microsoft Windows XPe-based Thin Clients - t5720 & t5730 Quick Reference Guide

Using HP StoreOnce D2D systems for Microsoft SQL Server backups

WHITE PAPER. HP Guide to System Recovery and Restore

Server Virtualization A Game-Changer For SMB Customers

HP Digital Signage Player MP4 and MP9 Microsoft Windows Embedded Standard 7. Quick Reference Guide

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

Driving Company Security is Challenging. Centralized Management Makes it Simple.

Infinity Acute Care System monitoring system

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak Capture Link Server V1.00

Introduction of VMware Horizon Advanced 10 Pack 1yr, 3yr and 5yr support, electronic format.

New Advanced RAID Level for Today's Larger Storage Capacities: Advanced Data Guarding

A closer look at HP LoadRunner software

Models Smart Array 6402A/128 Controller 3X-KZPEC-BF Smart Array 6404A/256 two 2 channel Controllers

How To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)

HP ProtectTools Embedded Security Guide

HP Insight Diagnostics Online Edition. Featuring Survey Utility and IML Viewer

HP VMware ESXi 5.0 and Updates Getting Started Guide

QuickSpecs. What's New. Models. ProLiant Essentials Server Migration Pack - Physical to ProLiant Edition. Overview

HP Client Automation software Starter and Standard Editions

HP Insight Capacity Advisor Virtualization Services

Windows Operating Systems. Basic Security

Evaluating Thin-Client Security in a Changing Threat Landscape

At a Glance. Key Benefits. Data sheet. A la carte User Module. Administration. Integrations. Enterprise SaaS

Instructions for installing Microsoft Windows Small Business Server 2003 R2 on HP ProLiant servers

HP Softpaq Download Manager and HP System Software Manager

QuickSpecs. HP Compaq t5525 Thin Client. Overview

Customizing Asset Manager for Managed Services Providers (MSP) Software Asset Management

Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology

HP Real User Monitor. Release Notes. For the Windows and Linux operating systems Software Version: Document Release Date: November 2012

Building A Secure Microsoft Exchange Continuity Appliance

THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY.

Microsoft Windows XP Service Pack 1 on Compaq Evo Notebooks

The evolution of virtual endpoint security. Comparing vsentry with traditional endpoint virtualization security solutions

Cisco Advanced Malware Protection for Endpoints

HP ThinShell. Administrator Guide

The Microsoft JPEG Vulnerability and the Six New Content Security Requirements

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DR V2.0

Windows Embedded 8 Standard for HP Thin Clients. Quick Reference Guide

Virtual Desktop Infrastructure Planning Overview

Simplifying the Desktop Transformation with HP and Liquidware Labs

Advanced Solutions of Microsoft SharePoint Server 2013 (20332) H6C76S

HP Connection Manager. Administrator's Guide

Transcription:

Hp Compaq t5000 Thin Clients June 2004 Instructions. Thin Client Virus Vulnerability Analysis HP Compaq t5000 Thin Clients Table Of Contents Table Of Contents... 1 Executive Summary... 2 Virus Vulnerabilities, Encounters and Impact... 3 Virus Encounter Vectors... 3 Impact of Client Computing Vulnerabilities... 4 HP Thin Client Response to Vulnerabilities... 5 Thin Client Firewall... 8 Recovery Time... 8 Summary... 9 1

Executive Summary Enterprise computing networks require effective protection against computer viruses and other security issues. These security breaches can result in costly service calls, user downtime and loss of business-critical data. When compared to the traditional unmanaged PC network model, the HP thin client computing model yields a less vulnerable segregated approach to computing with substantially better recovery time, while minimizing total cost of ownership (TCO). According to an ICSA Labs virus analysis 1, the average downtime lost during an encounter was 23 person days. This down time accounted for data loss recovery and patching the connected network servers and PCs. With the HP thin client computing model, your exposure to virus attack on the thin client system is over 80% less than a standard Windows PC. This means that your user will experience significantly less downtime due to security vulnerabilities than a PC user. In addition, since no user data resides on the thin client, there is no risk of user data loss on the thin client. Finally, if a thin client s image is compromised or corrupted, the recovery time is typically measured in minutes instead of hours. Furthermore, the HP thin client computing model utilizes PC blades and/or servers located in the data center. These centralized devices can be protected and monitored more easily with centrally managed virus and firewall tools. Compromised resources can be quickly taken offline, corrected, or recovered faster and cheaper than distributed PC resources. This model also allows a user s data to be segregated and centralized for easy backup and recovery, ensuring a higher level of service and security for your users at a lower TCO than distributed PC resources. At HP, we realize security and TCO are important factors in enterprise computing. A Fall 2003 EDC survey showed more than eight out of every 10 enterprises suffered a security breach as a result of malicious code. As a result, more than half the enterprises are increasing their IT security budgets. HP believes the thin client computing model is an effective solution for the security conscious enterprise. 1 ICSA Labs 8 th Annual Computer Virus Prevalence Survey 2

Virus Vulnerabilities, Encounters and Impact The following graph depicts security vulnerabilities experienced by actual enterprise customers as surveyed by ICSA Labs for the years 1996 through 2002. The second graph contains the most vulnerable technologies as perceived by the enterprises surveyed in 2003 by EDC. The graphs illustrate a strong correlation between the actual occurrence of each vulnerability and its associated technology in an enterprise. For example, 86% of the encounters experienced in 2002 were email related and according to EDC, 50% of the enterprises surveyed in 2003 perceive email as their most vulnerable technology. The third graph illustrates the impact of these vulnerabilities on the enterprises surveyed by ICSA in 2002. 100% Virus Encounter Vectors ICSA Labs Virus Prevalence Survey 2002 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% 1996 1997 1998 1999 2000 2001 2002 Diskette E-mail Internet/Non-email Other Note: Other in this graph represents unknown vectors and 3 rd party/freeware software distribution 3

Impact of Client Computing Vulnerabilities Responses 0 50 100 150 200 250 Loss of productivity 75% PC was unavailable 69% Corrupted files 62% Loss of access to data 49% Lost data 47% Effects Loss of user confidence Interference, lockup Unreliable applications 18% 13% 33% Trouble reading files 12% Trouble saving files 9% System crash 9% Trouble printing 7% Threat of job loss 2% ICSA Labs Virus Prevalence Survey 2002 4

HP Thin Client Response to Vulnerabilities Given the data in the previous section, the thin client computing model substantially reduces the likelihood that the client device will encounter a vulnerability as compared to a standard PC. It also centralizes an enterprise s most vulnerable technologies in the data center where they can be most effectively controlled and protected from exposure at the user level. The following table summarizes the previous data and shows that thin clients are substantially less susceptible to the virus vectors and are exposed to fewer of the perceived vulnerable technologies than a standard PC. The following sections detail these areas as related to the thin client computing model. Technology Personal Computers (PC) Thin Client (TC) Diskette/Removable Media 2002 Encounter Vector Experienced 2 2003 Perceived Vulnerability 3 2002 Encounter Vector Experienced 2 Email 86% 49.9% 0% 0% Operating System Instant Messaging 2003 Perceived Vulnerability 3 0% 13.5% 0% 13.5% 0% 10.1% 0% 4 0% 4 Web Browser 4% 8.1% 0% 4 0% 4 Peer-to-Peer Apps Office Applications Multimedia Viewers 11% 6% 0% 0% 0% 6% 0% 0% 0% 3.6% 0%4 0% 4 Other 5 4% 2.9% 0% 0% Total 105% 100% 0% 13.5% The intrusion of viruses from diskettes has declined significantly over the years and does not appear to be a significant vulnerability point. Still, a small percentage of virus encounters do occur via CD-ROMs and other removable media, typically when infected retail software is installed. Thin clients are predominantly deployed with no local removable drives such as CD-ROMs, diskettes, or hard drives. 2 ICSA Labs Virus Prevalence Survey 2002 3 Enterprise Development Mgt. Issues 2003: Fall, 2003 Evans Data Corp. 4 This vulnerability is zero only if this component is not installed on the thin client device 5 Other in this table represents unknown vectors and 3 rd party/freeware software distribution 5

Email/Office applications Web Browser/Internet/Nonemail/Peer-to-Peer With thin clients, users execute their email and office productivity applications on centralized servers and/or blade PCs. These applications and their associated data execute only on the server/blade. The user interface for these applications is rendered locally on the thin client through the Terminal Services Remote Desktop Protocol (RDP) or the Citrix Independent Computing Architecture (ICA ) protocol. This means any virus or vulnerability introduced through your email/office or other remote applications typically affect the server/blade and not the thin client. Additionally, the administrator has total control over the crucial applications and data on the servers or blade PCs, and can readily manage and deploy virus and firewall protection to these centralized systems. While these backend systems are at risk, applying patches or hot-fixes to centralized computing resources is more cost effective and takes less time than it does for standalone PC systems. These vectors and technologies are a growing concern. The majority of infection occurs through infected/malicious code that is downloaded or shared via these technologies. Security holes in internet browsers are reported frequently. Browser-related intrusions are centered on JavaScript, Java Applets and Active X. The thin client model addresses these exposures in several ways. First, peer-to-peer applications and many of the internet and non-email web services are typically not deployed on thin clients. The best thin client strategy is to deploy only what you need to achieve your business goals. Second, user initiated file downloads and sharing typically occur at the server/blade PC level and not on the thin client itself. The thin client typically does not provide the user with the space and access rights to support this. For example, on HP XPe thin clients, the Enhanced Write Filter (EWF) prevents permanent modifications (writes) to the contents of the system s flash. Finally, the internet browser is an optional feature on the HP thin clients. It can be removed to ensure a more secure environment. 6

Operating System Compared to a standard PC operating system, embedded operating systems are substantially smaller, providing less surface area to attack. Also, it is usually easier to configure an embedded OS to have fewer services that can be exploited than it is for a standard operating system. Advantages of the operating system will differ based upon the embedded OS chosen. Different operating systems are targeted at different rates and inherently have unique vulnerabilities. For example, CE.NET is substantially smaller and lighter than XPe or XP and is not targeted aggressively. The following is a comparison of operating systems and their exposure on HP systems to the most exploited vulnerabilities of 2003 as listed by TruSecure. 6 As compared to a standard Windows PC, only two (MS03-026 and MS03-007) or around 22% these nine most exploited vulnerabilities were relevant to the HP XPe thin client. Patches for both are included in the image. Number of Viruses Exploited Vulnerability Number Exploited Vulnerability Name 28 MS01-020 Incorrect MIME Header Can Cause IE to Execute Email Attachment 16 MS00-072 Share Level Password 6 MS03-026 Buffer Overrun In RPC Interface Could Allow Code Execution 3 MS99-032 Scriptlet.typelib/eyedog 2 MS00-075 Microsoft VM ActiveX Component 1 MS99-042 IRFRAME ExecCommand 1 MS00-043 Malformed Email Header 1 MS00-046 Cache Bypass 1 MS03-007 Unchecked Buffer in Windows Component In addition to being a smaller target, HP s thin client XP embedded OS contains an Enhanced Write Filter (EWF) preventing damage to the local file system and its OS files. The EWF protects the contents of the media by redirecting all the writes to a temporary virtual memory location. These writes are lost when the system is shutdown or restarted. Finally, none of these vulnerabilities were relevant to the HP CE.NET thin client. CE.NET is significantly smaller than XPe and is not a targeted operating system. Instant Messaging Multimedia Viewers 2003 saw a rise in viruses that infected devices via instant messenger (IM) clients. The proliferation of IM clients and greater acceptance of their use in corporate settings will continue to increase the attractiveness of this vulnerability for virus infections 6. Instant messenger is an optional component for the HP thin client and can be removed to ensure the most secure environment. This technology is a growing concern for security conscious network administrators. The majority of infection occurs through infected/malicious code that is downloaded or shared via the internet. Security holes in internet Media Player have also been reported. Media Player-related intrusions are centered on requests and downloads of media files and skins. Media Player is an optional component for the HP thin client and can be removed to ensure the most secure environment. 6 Wildtrends 2003: A Look at Virus Trends in 2003 and a Few Prediction for 2004; A TruSecure Whitepaper 7

Thin Client Firewall Recovery Time Another key component to ensure the most secure computing environment is a firewall. HP offers the Microsoft Firewall as an add-on. If one of your systems on the network is compromised by malicious code, the firewall will prevent your thin client from infection. Additionally, a firewall will help prevent external attacks from reaching your system, protecting against intruders infecting the thin client with malicious code. In the event of a virus attack or other security issue, the HP thin client computing model offers significantly shorter recovery time when compared to the traditional desktop model. If a thin client s image is compromised or corrupted, the recovery time is typically measured in minutes instead of hours. Recovery usually involves a power cycle (1 minute), patch (5 minutes), or re-image (15 minutes) of the system. This is substantially less time than the typical two hours it takes to re-image a PC or the multiple hours that can be spent rebuilding and recovering a user s data and environment. The following graph compares the average recovery time of thin clients and desktop computers. In all categories, the HP thin client computing model meets or greatly exceeds the recovery speed performance of the traditional desktop computing model. Recovery Analysis 120 100 Duration (in minutes) 80 60 40 20 0 Scan/Isolate Clean/Remove Patch Vulnerability Action TC PC Re-Image (if necessary) 8

Summary The HP thin client computing model provides significantly better virus protection than its PC counterpart. This protection is achieved by: Centralizing an enterprise s computer resources in the data center. Using centralized virus protection and firewall tools to protect these resources. Segregating the user s data for enhanced security, backup, and quick recovery. Deploying HP thin clients for simple, secure, reliable, and efficient access to these centralized resources. Using HP centralized management tools to manage and patch at all levels of the enterprise. Microsoft, MS-DOS, Windows, and Windows NT are trademarks of Microsoft Corporation in the U.S. and other countries. 2004 Hewlett-Packard Development Company, L.P. The information in this document is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. 06/2004 P/N 367974-001 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information