Client-Side Security

Charles Border, Rochester Institute of Technology

Introduction

Why Worry About the Security of Clients?

RFC 2196 Site Security Handbook

Types of Attacks

How Can Crackers Accomplish Their Goals?

Classes of Clients

Active Content and Client-Side Security

Binary Mail Attachments

Helper Applications and Plug-Ins

Scripting Languages

Securing Clients

Initial Deployment

Maintenance

Monitoring

Improving User Awareness

Conclusion

Glossary

Cross References

References

Further Reading

INTRODUCTION

Although large organizations spend millions of dollars every year to secure the periphery of their networks through the use of firewalls, a technological solution that controls the actions of insiders has thus far proved elusive. According to Thompson and Ford (2004), “The issue is trust. Insiders must be trusted to do their jobs; applications must be trusted to perform their tasks. The problem occurs when insiders—be they users or applications—intentionally, or unintentionally, extend trust inappropriately.” Client-side security involves finding ways to control the ability of insiders to extend the trust relationship that they acquire as insiders in ways that are detrimental to the overall security of the network. Because a wholly technological solution has remained beyond the reach of developers, managers of both information technology professionals and other employees must work together to develop a solution that involves not only technology but also improving user awareness ...

Get Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.