The long-awaited version of Microsoft's Windows NT Server that was designed to support thin clients leaves users vulnerable to the same potential security holes that exist in other versions of NT. But with the Windows Terminal Server, codenamed Hydra, the consequences of a breach are even greater.
Hydra is similar to Unix operating systems in that it lets multiple clients access and run the same application on a server. Though more efficient from a management standpoint, that model puts all of a company's data and applications on a server, which increases the damage potential of a security breach.
"Because multiple users are accessing an application from a single server rather than from their local hard drive [such as a PC], internal hackers have greater opportunity to access all the corporate jewels. That includes all server-based data and applications, permissions file and registry," said Chris Klaus, chief technology officer and founder of Internet Information Systems. The company finds security flaws in operating systems.
The Windows Terminal Server (WTS) is an extension of Windows NT, which means setup, configuration and security controls are the same. Both Windows NT and WTS ship with few, if any, security mechanisms in place.
It is up to systems administrators to turn on and configure the security mechanisms within the operating system, said John Frederiksen, Microsoft's Hydra group product manager in the US. But unlike a standard NT network, a thin-client network requires almost all data to be stored on the server, not on individual PCs.
"With Hydra, a hacker only has to crack into the main server to get immediate access to all thin-client data," Klaus said.