In 2008, Richard Stallman, known as the founder of the free software movement, said in an interview with The Guardian that "one of the reasons we shouldn't be using Web applications to do our own computing is because we lose control over them." Summarizing Stallman's words, it can be argued that the use of any remote service restricts the user's freedom.

A restriction of freedom is a significant drawback for the user, but an advantage for the owner of the service, who gains the opportunity to exercise total control over the user's actions in the system. This suggests that terminal access can be an excellent basis for building a protection system for private automated systems.

Ivan Chizhov,
Head of the Security Tools Development Department, Inline Technologies,
Ph.D.

History of terminal access

The idea of terminal access arose long ago, when computers were slow and occupied entire rooms. In 1970, one of the creators of ARPANET, the grandfather of the modern Internet, said that someday every person on Earth would be connected to a network from which he could receive not only the data he needs but also the programs to process it. Even earlier, in 1961, John McCarthy, the founder of functional programming and artificial intelligence, suggested that in the future computing power and even applications could be sold the way utilities sell electricity or water.

It all started with WinFrame, a product of the then-young company Citrix. This program was nothing more than Windows NT 3.51 with multi-user support. A little later, in 1998, Microsoft used WinFrame as the basis for the first Windows NT 4.0 Terminal Server Edition, which allowed users to work remotely: programs were executed on a server, and only the picture was transmitted to the user's workstation. Remote work was based on the RDP 4.0 protocol, which later became widespread. As a result, attackers began to pay special attention to searching for vulnerabilities in it, and quite a few were found. At a certain point administrators began to abandon the protocol, fearing that their servers would be compromised. Only the ability to protect it with TLS gave RDP a second life.

RDP protocol

The current version of RDP is 7.1. It fixes many bugs, shortcomings and vulnerabilities of earlier versions. Its main features include:

  • the ability to publish applications for the user;
  • support for network level authentication;
  • increased performance;
  • reduced delay in audio and video playback.

Thanks to its extended functionality for monitoring user actions, RDP has gained a "third wind": the ability to organize secure terminal access for remote users to automated systems, with lower costs for protection tools and their subsequent maintenance.

It should be noted that other terminal access protocols have evolved alongside RDP. One of the oldest and most popular is ICA, which underlies the Citrix product line. Its main drawback is that it is proprietary to Citrix, so an independent study of the protocol for vulnerabilities and undocumented features is almost impossible. Such studies are necessary, for example, if the system processes personal data (PD) of class K1. For this reason the protocol cannot always be used.

From an information security point of view, terminal access technology has a number of attractive features. The terminals or thin clients from which system resources are accessed:

  • have no hard drive;
  • use a specialized OS, one of whose tasks is to establish a session with the terminal server for the user's work;
  • contain no moving parts;
  • are built in sealed cases with fully passive cooling.

This means that a user working at the terminal cannot write anything, since there is no hard disk. The OS can be reduced to a single function, establishing an RDP session, which significantly limits what can be done on the workstation. Connecting external drives to the terminal will not let the user write information to them, since the OS has no functionality for mounting such devices on the application server. The sealed design of the terminal complicates the user's access to its internals. The OS and software of the terminal require virtually no updates, so they can be fixed, certified and forgotten, without spending money on certifying new versions and updates. When purchasing such software, you can be sure that changes and updates will not be required for a long time. In addition, the same sealed design and the "static" nature of the terminal make it possible to do without anti-virus software on terminal stations.

Using RDP makes it possible to implement a system consisting of several security perimeters. Consider, for example, the following problem: there are a number of workstations that process confidential information. Their users also need Internet access for their official duties. At the same time, the owner of the system does not want users to work on the Internet and process confidential data simultaneously, so the workstations must be disconnected from the Internet, and Internet access must be organized from separate dedicated workstations. How can RDP help us solve this problem?

Take two application servers: on the first we install an Internet browser and all the programs users need for working on the Internet, and on the second we install the programs for processing confidential information. Instead of workstations, we give users terminals (thin clients). Suppose the terminal's operating system is Linux with support for two desktops, completely isolated from each other, so that no exchange of information between them is possible. On the first desktop we establish an RDP session to the first application server, and on the second desktop a session to the second server. Thus, at the same terminal the user browses the Internet on one desktop and processes confidential information on the other. The owner of the system sleeps peacefully, without worrying about a possible leak of confidential data.

The above clearly demonstrates that terminal access is an effective solution for those who care about the security of their information and do not want to spend a lot of money building an integrated security system.

Typical architecture of a terminal access protection system

A common approach is limited to the following measures:

  • using the SSL/TLS protocol to protect data;
  • enabling user authentication, for example through a domain, by login and password.

However, this approach is often not justified, especially for systems with increased information security requirements.

Let's consider a typical security architecture for a system built on terminal access technology (Fig. 1).

Assume we have a farm of terminal application servers and many client devices (terminals) that communicate via RDP and provide users with the applications they need. How do we make the described system secure?

Requirements for information security systems

All requirements can be divided into five large groups:
1) identification and authentication;
2) access control;
3) registration and accounting;
4) ensuring integrity;
5) protection of transmitted and stored information.

Identification Requirements

In a typical system, identification and authentication of access subjects is required when logging in with a login and password. In addition, terminals and their external devices must be identified by logical names. Programs, directories, files, records and record fields must be identified by name.

In addition, systems very often face the problem of controlling the connection of external media, such as USB flash drives. The user may use only a verified flash drive in the system; he cannot bring one from home and use it.

Access control requirements

The system must implement a mechanism for restricting access to resources, based on access rules defined by the group attributes of users, the programs they run, and objects. Typically the following permissions are considered: read, write, delete and execute.

The resources for which access control is usually implemented include: files and directories on both local and network drives (including shared resources); built-in and external devices; built-in I/O ports; registry keys and values.

Access control should be prohibitive (default deny): resources to which no access is explicitly defined should be inaccessible to the user. Access control should apply to all users without exception. No user should have administrator rights that give access to all resources while bypassing the protection subsystem.

The system must provide access control to applications. Users have access to those explicitly assigned to them by the security administrator, and no access to those not assigned to run. Ideally, unassigned applications should not even be visible to the user.

With RDP access, applications of different users may run on the same server. It is therefore necessary to provide trusted isolation of applications running under one user from applications running under another on the same application server.

The user must also be prevented from loading his own OS on the terminal.
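The access control requirements above (rules keyed by group attributes of users, programs and objects; read/write/delete/execute permissions; default deny; no administrator bypass; unassigned applications invisible) can be expressed as a small policy evaluator. This is an added example, not code from the article; all group names, paths and device names in it are constructed.

```python
"""Default-deny (prohibitive) access control, as an added illustration of
the requirements above. Rules are keyed by the group attributes of the
user, of the program he runs, and of the object, and grant a subset of
the four permissions named in the text: read, write, delete, execute.
All group names, paths and device names are constructed for the example.
"""
from dataclasses import dataclass, field

PERMISSIONS = frozenset({"read", "write", "delete", "execute"})


@dataclass(frozen=True)
class Rule:
    user_group: str      # group of the access subject, e.g. "accountants"
    program_group: str   # group of the program used, "*" = any program
    resource: str        # object: a prefix ending in "/", or an exact name
    allow: frozenset     # permissions explicitly granted by this rule


def _covers(pattern: str, resource: str) -> bool:
    """A pattern ending in "/" covers a whole directory or registry branch;
    any other pattern must match the object name exactly."""
    if pattern.endswith("/"):
        return resource.startswith(pattern)
    return pattern == resource


@dataclass
class AccessPolicy:
    rules: list = field(default_factory=list)

    def add(self, user_group: str, program_group: str, resource: str, *allow: str) -> None:
        unknown = set(allow) - PERMISSIONS
        if unknown:
            raise ValueError(f"unknown permissions: {sorted(unknown)}")
        self.rules.append(Rule(user_group, program_group, resource, frozenset(allow)))

    def check(self, user_groups: set, program_group: str, resource: str, permission: str) -> bool:
        """Grant only what a rule explicitly allows; everything else is denied.
        Every subject, administrators included, passes through the same rules,
        so there is no path to a resource that bypasses the protection subsystem."""
        if permission not in PERMISSIONS:
            return False
        return any(
            r.user_group in user_groups
            and r.program_group in ("*", program_group)
            and _covers(r.resource, resource)
            and permission in r.allow
            for r in self.rules
        )

    def visible_applications(self, user_groups: set, catalogue: list) -> list:
        """Applications the user may execute from the launcher; the ones not
        assigned to him are not even listed."""
        return [app for app in catalogue if self.check(user_groups, "launcher", app, "execute")]


def build_demo_policy() -> AccessPolicy:
    """Constructed sample policy for the illustration."""
    p = AccessPolicy()
    # staff may launch the published office suite
    p.add("staff", "launcher", "app:office", "execute")
    # accountants may read and write the finance share, but only from
    # programs of the "office" group; no rule grants delete
    p.add("accountants", "office", "/srv/finance/", "read", "write")
    # accountants may read the application's settings branch in the registry
    p.add("accountants", "office", "reg:HKCU/Software/FinanceApp/", "read")
    # only the verified flash drive, identified by its logical name, is usable
    p.add("accountants", "*", "dev:usb-verified-01", "read", "write")
    return p
```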

Requirements for the protection of transmitted and stored information

In the system this is the simplest and at the same time the most complex requirement. Typically, systems require encryption of all data transmitted over unprotected communication channels.

Integrity Requirements

Integrity is ensured in two ways:

  1. Integrity of the protection software itself.
  2. Immutability of the software environment.

The integrity of the software environment can be ensured by the absence in the system of translators from high-level languages and of program debugging tools. However, this mechanism is not effective enough, since the software environment can be broken, for example, by introducing a third-party program into the OS while bypassing the access control system. It turns out that integrity can be ensured only in conjunction with an ideal access control system, and in some cases this coupling is undesirable. Then hardware and software trusted boot modules (APMBD) are usually applied. Since the system needs its own programs installed, this hardware has to be reconfigured each time, or control has to be limited to the OS kernel. When a terminal is used instead of a workstation, the OS can simply be fixed once and for all.

Requirements for registration and accounting

Typically, the registration and accounting system covers:

  • connections of users to the system;
  • application launches;
  • access to controlled access objects;
  • creation of protected access objects;
  • changes to the privileges of access subjects.

After the log is cleared, the first entry in the registration protocol should automatically record the fact of clearing, indicating the date, time and information about the person who performed this operation. This requirement exists to control administrators: the administrator's work in the system can be checked only by analyzing the event log, so a tool is needed that would not allow an unscrupulous administrator to change the audit log, including clearing it.
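The registration requirements above (clearing the log must itself be recorded with date, time and operator, and an administrator must not be able to change the log) can be met with an append-only log whose entries are chained with an HMAC held by the protection subsystem. This is an added example, not the article's code; the key, event names and subjects are constructed for the illustration.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone


class AuditLog:
    """Registration protocol with an HMAC-chained, append-only structure.

    The key belongs to the protection subsystem, not to the security
    administrator. The administrator may view, copy and completely clear
    the log, but cannot rewrite entries or quietly shorten it: each entry
    authenticates the MAC of its predecessor, and clearing the log is
    itself recorded as the first entry of the new log (date, time, who).
    """

    GENESIS = "0" * 64

    def __init__(self, key: bytes):
        self._key = key
        self._entries = []
        self._prev = self.GENESIS

    def _mac(self, entry: dict) -> str:
        body = {k: v for k, v in entry.items() if k != "mac"}
        msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def record(self, event: str, subject: str, details=None, when=None) -> dict:
        """Append one registration event (user connection, application
        launch, access to an object, creation of an object, change of
        privileges, ...)."""
        when = when or datetime.now(timezone.utc)
        entry = {
            "seq": len(self._entries),
            "time": when.isoformat(),
            "event": event,
            "subject": subject,
            "details": dict(details or {}),
            "prev": self._prev,
        }
        entry["mac"] = self._mac(entry)
        self._entries.append(entry)
        self._prev = entry["mac"]
        return entry

    def clear(self, administrator: str, when=None) -> dict:
        """Completely clear the log. The chain continues from the MAC of
        the last cleared entry, so the new log's first entry proves that
        a clearing took place and who performed it."""
        cleared = len(self._entries)
        self._entries = []
        return self.record("log_cleared", administrator,
                           {"cleared_entries": cleared}, when)

    def head(self) -> str:
        """MAC of the newest entry; keep a copy outside the administrator's
        reach to detect truncation from the tail."""
        return self._prev

    def view(self) -> list:
        """Read-only copy for the security administrator."""
        return [dict(e, details=dict(e["details"])) for e in self._entries]

    def verify(self, entries=None, expected_head=None) -> tuple:
        """Check a log copy: sequence numbers, chain links and MACs.
        Returns (ok, reason)."""
        entries = self._entries if entries is None else entries
        prev = self.GENESIS
        for i, e in enumerate(entries):
            if e.get("seq") != i:
                return False, f"sequence gap at entry {i}"
            if i == 0 and e["prev"] != self.GENESIS:
                # a log that does not start at genesis must start with
                # the record of its own clearing
                if e["event"] != "log_cleared":
                    return False, "log shortened without a clearing record"
                prev = e["prev"]
            if e["prev"] != prev:
                return False, f"chain break at entry {i}"
            if not hmac.compare_digest(e["mac"], self._mac(e)):
                return False, f"MAC mismatch at entry {i} (entry modified)"
            prev = e["mac"]
        if expected_head is not None and prev != expected_head:
            return False, "newest entries missing (tail truncated)"
        return True, "ok"
```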

The results of registration and accounting, recorded electronically in the registration protocol, should be available read-only and only to the security administrator. He can only view, copy and completely clear the registration protocol.

Protection system architecture

How can an effective terminal access protection system be built from these requirements? The approach must be comprehensive. Since terminal access implies centralization, a pronounced centralization should also be evident in the architecture of the protection system.

It follows that the system should have a single entry point: a service that manages the protection system and performs the functions of identifying users and system components. From the integrity requirements for the terminal OS follows a solution in which the OS is very small and is stored on a dedicated server. After the terminal connects and both the user and the terminal are authenticated, the OS is transferred to the terminal over the communication channel, i.e. network boot is used, and its integrity is checked in the process.
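The integrity check of the network-booted terminal OS described above can be done with an authenticated manifest: the distribution service hashes every file of the image and authenticates the list, and the terminal's security module verifies both the manifest and every delivered file before starting the OS. This is an added example, not the article's or any vendor's code; the shared HMAC key stands in for a signature scheme, and the image contents and key are constructed.

```python
"""Integrity check of a network-booted terminal OS image (added example).
The distribution service publishes a manifest (SHA-256 per file)
authenticated with an HMAC; the terminal's security module verifies the
manifest, then every delivered file, and also rejects files that are not
in the manifest, since an extra program would break the immutability of
the software environment. The shared key is an assumption of this example.
"""
import hashlib
import hmac
import json


def _canonical(digests: dict) -> bytes:
    return json.dumps(digests, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(files: dict, key: bytes) -> dict:
    """Distribution service side: hash every file of the image and
    authenticate the whole list, so neither a digest nor the set of
    files can be changed in transit."""
    digests = {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}
    mac = hmac.new(key, _canonical(digests), hashlib.sha256).hexdigest()
    return {"files": digests, "mac": mac}


def verify_image(files: dict, manifest: dict, key: bytes) -> tuple:
    """Security module side, run before control is handed to the OS.
    Returns (ok, problems)."""
    expected_mac = hmac.new(key, _canonical(manifest["files"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(manifest["mac"], expected_mac):
        return False, ["manifest authentication failed"]
    problems = []
    for path, digest in manifest["files"].items():
        if path not in files:
            problems.append(f"missing: {path}")
        elif hashlib.sha256(files[path]).hexdigest() != digest:
            problems.append(f"modified: {path}")
    for path in files:
        if path not in manifest["files"]:
            problems.append(f"unexpected: {path}")
    return not problems, sorted(problems)


# Constructed sample image: stand-in files of a minimal terminal OS whose
# only job is to establish the RDP session.
SAMPLE_IMAGE = {
    "/boot/vmlinuz": b"kernel-image-bytes",
    "/sbin/init": b"#!/bin/sh\nexec /usr/bin/rdp-session\n",
    "/usr/bin/rdp-session": b"rdp-client-binary",
    "/etc/rdp.conf": b"server=app-server-1\nserver=app-server-2\n",
}
SAMPLE_KEY = b"constructed-distribution-key"
```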

The requirements and the architecture of terminal access suggest that the system must have at least the following components:

  • authentication service - the single point of entry into the system, the point of centralization;
  • system administrator console - management of the protection system;
  • load balancing service - to build an industrial-grade protection system, all security services must be clustered;
  • terminal OS distribution service - stores the current version of the terminal OS;
  • security module - the minimum firmware a terminal needs to start interacting with the system;
  • terminal OS;
  • "Application Server" component - performs, in particular, the functions of delimiting user access in the system;
  • IP traffic encryption modules - provide encryption of the transmitted data.

The introduction of terminal access tools has recently aroused considerable interest among the heads of many companies: if used correctly, this category of products can significantly reduce both the cost of maintaining corporate software and the cost of regular hardware upgrades. In this article we will discuss what this category of products can offer small companies.

What is terminal access

Once upon a time, before mankind knew personal computers, the typical architecture of any enterprise application consisted of a mainframe (or, for a poorer company, a minicomputer) and a number of non-intelligent terminal devices controlled by it. This approach, based on complete centralization of resources, data and applications, had certain advantages. For all its shortcomings and the high cost of the computing equipment of those years, it made it possible, first, to solve problems that users of the first personal computers could only dream of, and second, it was relatively easy to operate (by the standards of the time): all computing equipment was physically located in one place, and users shared a common processor, memory, external devices, a multitasking operating system and a set of applications.

Modern terminal access tools, used on personal computers, specialized terminal workstations and handheld devices, are based on the same principle of centralized computing and shared resources. The user launches the client part of the terminal access tool on the workstation and uses it to connect to a remote server running the corresponding server part of the tool. Upon successful authentication, the server part creates a session for the user, in which the applications he needs are launched in the server's address space, either manually by the user or automatically (depending on the session settings and access rights). The user interface of applications launched this way is shown in the window of the client part on the workstation, and the user controls the application with the workstation's keyboard and mouse: information about keystrokes and mouse movements (and often the contents of the clipboard) is transferred to the user's session on the server, and changes to the application's user interface are sent back. When the user session ends, all applications running in it are closed.

Terminal access and IT infrastructure costs

The advantages of terminal access become apparent with a large number of workstations or with increased requirements for security and centralized data storage. If applications are accessed through a terminal access tool, only the operating system and the client part of the tool are installed on the workstations, while the applications users work with are installed on the terminal server. The cost of maintaining such workstations is significantly lower than when they are fully equipped with client parts of corporate applications, office suites, mail clients and other products used in the company, and the hardware requirements for them are very moderate. There are also special Windows CE workstations designed to work in this mode. The hardware requirements for the terminal server, however, can be quite high, depending on the number of concurrent users; but modern terminal access tools, as a rule, can work with server clusters and balance the load between them.

While the savings on acquiring, upgrading and maintaining workstations are fairly easy to calculate, the savings associated with the additional security of access to corporate data are not immediately apparent. Since the applications run on a remote server, the end user's workstation has neither the client part of the server DBMS used in the company nor, still less, access to desktop DBMS files, which significantly reduces the risk of unauthorized access to corporate data: it cannot be reached other than by regular means, that is, through the corporate application.

Leading Terminal Access Providers

Microsoft

The simplest terminal access tools, called Terminal Services, are part of the server versions of Windows. Terminal Services are available for Windows NT Server 4.0, Terminal Server Edition (the first version of terminal access, created together with Citrix), Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 Datacenter Server and Windows Server 2003 (all editions).

The tools for managing the operating parameters of Windows Terminal Services are relatively simple. With Windows Server 2003, Enterprise Edition, the servers can be load balanced; session parameters can be managed dynamically; client sessions can use screen resolutions up to 1600x1200 and True Color mode; and Windows Server 2003 Terminal Services clients can access their local resources (external devices, disks, etc.) from within a terminal session. That, in fact, is the full set of capabilities of Windows Terminal Services available today. Nevertheless, these services are often used by network administrators to manage servers remotely, and by software companies and departments to access applications installed on other computers.

Access through Terminal Services is licensed as follows. Every device accessing Terminal Services must have a Windows Server 2003 Terminal Server Device Client Access License (CAL), which grants that device access to Windows Server 2003, or the user must have a Windows Server 2003 Terminal Server User CAL. In addition, there is the Windows Server 2003 Terminal Server External Connector License, which allows anonymous simultaneous connections to Terminal Services over the Internet and is intended for application providers.

Citrix

Citrix is rightfully considered the market leader in terminal access today. The company produces terminal access tools for Windows and UNIX. This set of tools differs from Windows Terminal Services (which Microsoft once licensed from the same Citrix) in a very wide range of client session configuration options, in its tools for managing terminal servers and the other network resources involved in terminal access, and in an exhaustive set of related, mutually integrated tools and technologies, such as password management, secure access and roaming of terminal connections when a client moves from one place to another. For example, with the tools included in the Citrix Access Suite, which runs on top of Windows Terminal Services, you can set a very wide range of session parameters (window size, screen resolution, number of colors, rules for handling audio), up to creating sessions in which only one specific application runs in a window and which end when it exits; perform detailed monitoring of the entire distributed system and analyze resource usage in user sessions; and manage so-called server farms (clusters of servers containing applications of the same type) optimally by balancing their load.

Note that with Citrix technologies (in particular the ICA architecture, Independent Computing Architecture), only mouse and keyboard input and changes in the screen image are transmitted over the network, which keeps the bandwidth required for a session below 20 kbps.

Citrix Access Suite supports access to terminal servers from DOS, Windows, Mac OS, UNIX, Linux, OS/2 and Java workstations, from browsers using Netscape plug-ins or ActiveX controls for Internet Explorer, and from a wide range of mobile devices.

Accompanying Products

When starting to use terminal access, companies often face other challenges, such as managing access to applications, multiple user passwords, protecting transmitted data, providing access independent of the infrastructure and type of device, collaboration between users, and the efficient operation of their IT services. For this purpose they may need tools for password management, conferencing, and remote control of workstations and their interface. All these products are available as part of the Citrix Access Suite, whose release allows us to speak of a fully integrated solution providing a single infrastructure for user access to applications.

Terminal access for small businesses

It was traditionally believed that terminal access tools are for large enterprises with many workstations of the same type, and reports on the best-known projects implementing such tools often involve tens of thousands of seats and huge budgets. However, there are products in this category that make sense to implement in small and medium-sized enterprises.

Among the novelties in this area we note, first of all, Citrix Access Essentials, a product aimed at this market segment. It can serve companies using the Microsoft Windows platform with no more than 75 terminal workstations (including portable and mobile devices), and meets the needs of small companies: it is relatively cheap to purchase and implement thanks to inexpensive licenses (less than $250 per seat, which already includes the license to use Windows Terminal Services, the Windows Terminal Server Client Access License) and is easy to deploy and administer.

Technical features of Citrix Access Essentials

Citrix Access Essentials is a server application that runs on Windows Server 2003 and provides access to applications installed on that server through a Web interface. The product requires one server running Microsoft Windows Server 2003 Standard or Enterprise Edition, a network connection between the users' devices and the server, and a Web browser on each connected device.

Citrix Access Essentials supports two operating modes: single-server operation (Figure 1) and operation with the Citrix Access Gateway hardware appliance (Figure 2). In the first case remote users reach the terminal server through a firewall; in the second, through the Access Gateway virtual private network (VPN), with the terminal server placed in the DMZ, which provides more secure access to applications.

To secure access to the server, Citrix Access Essentials supports several methods of user authentication, including the use of encryption.

Deployment of the Citrix Access Essentials server is simplified as much as possible: the product package includes the Quick Start utility, a wizard for installing and configuring the server, registering licenses, generating client distributions and publishing applications on the server. Client parts are available for all versions of Windows, Windows CE, Pocket PC 2003, Mac OS X, Linux, Solaris, and Java-capable devices.

The tools for managing the server, changing its configuration and managing user access that are part of Citrix Access Essentials are also as simple as possible: in my opinion, mastering them should not cause any difficulty for specialists who administer the networks of small companies (Fig. 3). They allow almost any operation, up to customizing the appearance of the client interface (Fig. 4). In addition, the product comes with very detailed documentation describing every administrator action, from installing the server to optimizing its performance, configuring security settings and accessing external devices.

In other words, this product has really been created with the specifics of small companies in mind, including their limited funds for the services of highly qualified (and therefore expensive) IT specialists.

Licensing

Citrix Access Essentials is licensed as follows. The product is sold as named-user licenses, purchased for each user who will use the software; it supports neither concurrent-user nor device or server licensing. The product can be purchased with or without Subscription Advantage.

When using Citrix Access Essentials (as with any other terminal access tool), you must also follow the licensing rules of the software that will be accessed in terminal mode: the license agreements of modern software usually contain specific rules for using products in this mode. In particular, the number of licenses purchased must often equal the number of connected workstations, even though only one copy of the application is actually installed on the server.

Citrix Access Essentials and cost reduction

What costs can small and medium businesses avoid by implementing Citrix Access Essentials? The standard benefits of terminal access tools, such as lower costs of maintaining uniform workstations and their hardware, may not seem so obvious for small enterprises at first. But the budget of such enterprises is small, so the ability to avoid unnecessary support costs, even if less significant than in large enterprises, is all the more relevant for small companies. And the additional security of access to corporate data can be vital for a small business: if data leaks, the consequences for a small company can be far more serious than for a large enterprise.

Among the costs that small companies implementing Citrix Access Essentials can avoid, the first to mention are the costs of transforming the existing IT infrastructure and introducing new solutions when the business expands, for example when opening new offices and branches. In this case, terminal access to the corporate information systems available at the central office (such as enterprise management, warehouse, accounting or personnel systems) usually turns out to be much simpler and cheaper than deploying an independent infrastructure in the branch and organizing data synchronization with the central office. In addition, a relatively large share of modern small and medium-sized businesses employ so-called mobile employees, for whom communication with the office, secure access to corporate applications and data, and control over these processes are a very difficult task that Citrix Access Essentials can also help to solve. Given the potential cost savings mentioned above, IT managers of small businesses should take a closer look at this product, as it may solve some of their problems.

Another common remote access option is a pair of variations of almost the same mode: remote control and terminal access. With this method the remote computer effectively becomes a virtual terminal of the host computer, which may or may not be connected to a network. This option allows any application on the host computer to be run and any data on it to be accessed. If the host computer is connected to a network, its remote users become full members of that network, acting as users of the host computer.

It has already been said above that the only difference between remote control and terminal access is that with remote control the user works with an operating system not designed to support a multi-terminal mode (MS-DOS, Windows 3.1, Windows 95/98, Windows NT, OS/2 Warp), whereas terminal access is made to operating systems for which the multi-terminal mode is the primary one (Unix, IBM OS/400, VAX VMS).

Remote control or terminal access is needed when a remote user works with applications that are not optimized for networking, such as traditional personal computer DBMSs like dBase, Paradox or Access. Otherwise, when such an application is on one computer and the database files are on another, excessive network traffic is generated.

The centralized remote control scheme requires a special software product, a remote control server, to be installed on the enterprise's local network, for example the WinFrame server from Citrix. Additional software, the remote control client, must also be installed on the remote client computers.

The protocols that remote control programs use to transfer screen updates, keystrokes and mouse movements are non-standard, so the server and client parts must come from the same vendor. For example, users of the Norton pcAnywhere remote access client will not be able to dial into a host running ReachOut, LapLink for Windows, Carbon Copy, Remotely Possible or Close-Up.

With terminal access it is also desirable to install a special product, a terminal server, on the central network. You can do without it, but then each computer to be reached in remote terminal mode needs its own modem and a separate telephone number. The terminal server receives requests to communicate with a specific computer and transmits over the local network the keystroke codes and the characters to be displayed on the user's terminal screen. To communicate with multi-terminal operating systems over the local network, the terminal server uses standard terminal emulation protocols, such as telnet for Unix or DEC LAT for VAX VMS.

Mail

Mail is another type of remote access. Dial-up mail gateways and remote access mail clients may be sufficient to meet the needs of many ordinary users. These mail gateways allow remote users or even remote offices to dial into the central office's mail system, exchange incoming and outgoing messages and files, and then disconnect.

Products designed for this purpose range from single-user client programs such as Lotus' cc:mail Mobile to full-blown gateways that facilitate mail exchange between remote servers and corporate local network(for example, Microsoft's Exchange).

Mail gateways can be useful when the amount of data that remote users exchange with the central office is not very large. Because the average user-gateway session time is relatively short, the core network gateway does not need to support a large number of telephone lines. Typically, a mail connection is easy to set up and the cost of the gateway software is negligible.

Gateways operate in automatic mode without human intervention. If one or two employees work in a remote office and do not need real-time access to corporate data, then the mail gateway can be good decision. Some applications automatically accept requests in the form of emails Email, and then send the same responses. So, for example, many DBMS work.

Not only mail, but also other applications written for a local area network may have specific software modules designed for remote connections. Such programs establish connections between themselves using non-standard protocols and often increase the efficiency of the connection through special tricks, such as passing only updates between the remote computer and the host. Groupware (collaborative work) systems are an example of this class of products.

One of the most popular ways in which networks, applications, and computers interact today is remote access. There are several types of this service, among which I would like to highlight terminal access. With this access, the user runs, from his PC, client-server programs (for example, 1C) installed on a remote computer, and sees on his monitor only the result of their execution. This way of organizing the company's work allows management to control and efficiently use employees' time, and also reduces the cost of user administration, since all applications are launched centrally, on the terminal server.

Why do you need terminal access to the server?

In terminal mode, you can maintain the operation of all the company's software. The most demanded terminal access feature is access to Windows applications. A client program is used on users' computers, the task of which is to connect to the terminal server. For the user, work in any application launched remotely on the server looks exactly the same as if the software was installed on his computer.

What will change in the company's work after the transition to terminal access?

  • Management of all company licenses will become centralized. This gives a unified view of workplaces and makes it easier to install updates. Even to serve hundreds of workplaces, only one administrator is needed.
  • Employees will be able to work from any remote location (from home, business trips, vacations) with the same applications and data as in the office.
  • Client-server applications will work more efficiently and reliably. For example, 1C tasks will be completed faster. This is because the connection between the server and client parts of the program improves, since network traffic does not leave the data center.
  • Migration to thin clients becomes possible. The company no longer needs to keep full-fledged personal computers at workplaces; for remote terminal access, thin clients (small diskless devices that are much easier to maintain than PCs) are enough.
  • Savings on traffic. Transmitting a remote screen image is far more economical in terms of bandwidth than the traffic between client stations and servers.

Terminal access to the server has its advantages for both the user and the system administrator. Users will appreciate more stable and faster work with corporate programs. System administrators will be able to quickly close tasks related to the maintenance of workplaces (updating programs, deploying new desktops, etc.). Connecting to a Windows terminal access server includes licenses for the use of a terminal server and a data backup service.

So, the transition to terminal access gives a significant increase in the efficiency of the company due to:

  • transfer of data from users' local computers into the common information space of the terminal server;
  • the ability for all users to work remotely in the same format and volume as in the office;
  • more efficient user administration, which significantly reduces employee downtime.

6.1. General information about terminal access technology

Initially, the terminal mode of operation appeared and was used on mainframes. Users worked with terminals that provided communication with the terminal server and displayed information received from the host computer. All calculations were carried out by the main computer. To date, the essence of terminal access has not undergone any ideological changes. In modern schemes for organizing computing processes, instead of a special hardware terminal, client programs are used, which provide interaction with the server and display the information received from it. The entire computational load is still carried by the server.

Terminal access technology allows you to transfer the computational load from workstations to the server, solving a number of problems:

  • All data processing is performed on the server, so there is no need for network file transfer; only the changed contents of the information windows of text editors or DBMSs are transferred from the server to the workstations. This simplifies the protection of network traffic and allows almost any computer with any OS to be used as a workstation, including diskless stations;
  • There is no need to provide users with potentially dangerous network access to data files stored on the server;
  • Magnetic and external media, which may contain a full or partial copy of protected data files, are located only on the server and can be fully controlled by the administrator.

The following scheme of using the terminal access technology is assumed. The terminal access service is installed on the server, and the applications necessary for the users' work are deployed. The terminal access server must not perform any network functions other than terminal mode services; in particular, shared network resources, including printers, are excluded. The list of network services running on the server and accessible from the network is limited to the terminal service and, if necessary, a service that provides encryption of network traffic.

A terminal client is installed on user workstations and configured to connect to the terminal server. The terminal client can be launched either from the main OS installed on the user's computer, or from an OS booted from external media (floppy or CD-ROM), or from an OS booted over the network using a network card that supports remote boot.

In the first case, to work with protected data, the user launches the terminal access client from the main OS. At the same time, means of protecting information from unauthorized access can be installed on the computer. The advantage of this method is the possibility of organizing additional protection (encryption) of network traffic by using the IPsec protocol (in Windows XP) or specialized information security facilities.

In the second case, in order to work with protected data, the user boots the computer from specially prepared media (CD-ROM or floppy disks) onto which a Linux OS with the terminal server client is written. A diskless station can also be used, booted from the server through a network adapter that supports remote boot. The negative feature of this solution is the impossibility of using additional means of traffic encryption. The reason is that there are no certified information security tools that can be loaded from external media or over the network.

To process protected data, the user runs the terminal client program and registers on the terminal server using his own personal account. A feature of the terminal server setup is that a number of restrictions are set for users, the most important of which is the prohibition of using the shared clipboard. Thanks to this prohibition, the problem of unauthorized copying of protected data onto workstation media is solved. The terminal user can select and copy both a data file and the contents of an information window to the clipboard of the terminal window. However, the paste operation can only be performed in the terminal server window. In the workstation window, the ability to paste from the clipboard will be blocked.

Thus, copying of all protected information, or part of it, can be carried out only onto media that are physically connected to the server. This imposes some restrictions on the possibility of exporting and importing data, since export and import operations are also carried out only through the media installed on the server. The main advantage is that all media, including external media, which may contain a full or partial copy of protected data, are located only on the server under administrator control. This simplifies centralized anti-virus control and blocks the possibility of introducing malware.

The problem of the formation of technological "garbage" at workstations is also solved automatically. For each terminal session, a temporary directory is created on the server. If the appropriate settings are set, then at the end of the session this directory will be deleted. Thus, technological "garbage" remains only on the media of the terminal server.

The problem of transmission of open network traffic is solved primarily by the fact that in terminal access technology all processing of protected data is performed on the server, and only the modified content of the information windows of the corresponding applications is transmitted to workstations. In addition, it is possible to encrypt traffic by means of a terminal server. The terminal server supports several levels of security, each of which determines the direction of encrypted traffic and the length of the key used in encryption.

Windows Server 2003 includes Microsoft Terminal Services (MSTS). It provides the ability either to remotely administer the server, or to turn it into an application server (terminal server). In addition, there is an add-on for this service, developed by Citrix, which introduces a number of additional features and increases the number of supported platforms.

It should be noted that the MSTS implementation itself is not free from shortcomings, which can potentially be used by attackers to compromise data security. Since all users connecting to the server in terminal mode are, in fact, logging in interactively, they can also log in to the system from the server console. Consequently, the use of a terminal server imposes increased requirements on administration and on the implementation of the necessary security settings for the software being used.
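The restrictions described above (disabling the shared clipboard and device redirection, deleting per-session temporary directories, setting the encryption level of the terminal service, and separating console logon from terminal logon) all map to concrete Windows settings that can be audited. The following script is an added example, not code from the original article: it reads the listener and Group Policy registry values that Microsoft Terminal Services uses for these settings and reports deviations from a hardening baseline. The value names (fDisableClip, fDisableCdm, MinEncryptionLevel, SecurityLayer, UserAuthentication, PerSessionTempDir, DeleteTempDirsOnExit) and the secedit export format are standard Windows; the expected values and the message texts are the example's own choices, and the NLA check assumes a server version that supports Network Level Authentication (Windows Server 2008 or later), since on Windows Server 2003 that value does not exist and is reported as "not set".

```powershell
# Added example (not part of the original article): audit a Windows terminal
# server for the terminal-mode restrictions discussed in the text. Run in an
# elevated PowerShell session on the terminal server itself.

$Listener = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$TsRoot   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$Policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Listener-level settings: value name, expected value, and the risk if it differs.
# Expected values are this example's baseline, not a vendor default.
$ListenerChecks = @(
    @{ Name = 'fDisableClip';       Expect = 1; Why = 'clipboard redirection lets session data be pasted on the workstation' }
    @{ Name = 'fDisableCdm';        Expect = 1; Why = 'drive redirection exposes workstation disks to the session' }
    @{ Name = 'fDisableLPT';        Expect = 1; Why = 'LPT redirection allows printing protected data on workstation printers' }
    @{ Name = 'fDisableCcm';        Expect = 1; Why = 'COM port redirection exposes workstation serial devices' }
    @{ Name = 'fDisablePNPRedir';   Expect = 1; Why = 'Plug and Play redirection exposes USB storage attached to the workstation' }
    @{ Name = 'MinEncryptionLevel'; Expect = 3; Why = 'levels below High (3) permit weak or one-way encryption of RDP traffic' }
    @{ Name = 'SecurityLayer';      Expect = 2; Why = 'values below 2 (TLS) allow the legacy RDP security layer' }
    # NLA exists only on Windows Server 2008 and later; on Server 2003 the value is absent.
    @{ Name = 'UserAuthentication'; Expect = 1; Why = 'without NLA a session is created before the user is authenticated' }
)
# Temporary-directory settings live one level up, under the Terminal Server key.
$TempDirChecks = @(
    @{ Name = 'PerSessionTempDir';    Expect = 1; Why = 'sessions share one temp directory and can read each other''s leftovers' }
    @{ Name = 'DeleteTempDirsOnExit'; Expect = 1; Why = 'technological "garbage" survives on the server after logoff' }
)

function Get-EffectiveValue {
    param([string]$Name, [string]$Base)
    # A Group Policy setting, when present, overrides the locally configured value.
    foreach ($key in @($Policy, $Base)) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return [int]$item.$Name }
    }
    return $null   # neither policy nor listener defines the value
}

function Test-Settings {
    param([object[]]$Checks, [string]$Base)
    # Emits one finding line per check whose effective value differs from the baseline.
    foreach ($c in $Checks) {
        $actual = Get-EffectiveValue -Name $c.Name -Base $Base
        if ($actual -ne $c.Expect) {
            $shown = if ($null -eq $actual) { 'not set' } else { $actual }
            '{0}: expected {1}, found {2} ({3})' -f $c.Name, $c.Expect, $shown, $c.Why
        }
    }
}

function Get-LogonRights {
    # Export the local security policy and pick out the two logon-right assignments
    # that decide who may log on through Terminal Services and who is denied the console.
    $inf = Join-Path $env:TEMP 'ts-audit.inf'
    secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
    $rights = @{}
    foreach ($line in (Get-Content -Path $inf)) {
        if ($line -match '^(SeRemoteInteractiveLogonRight|SeDenyInteractiveLogonRight)\s*=\s*(.*)$') {
            $rights[$Matches[1]] = $Matches[2].Trim()
        }
    }
    Remove-Item -Path $inf -ErrorAction SilentlyContinue
    return $rights
}

function Test-TerminalServerHardening {
    $findings = @()
    $findings += @(Test-Settings -Checks $ListenerChecks -Base $Listener)
    $findings += @(Test-Settings -Checks $TempDirChecks  -Base $TsRoot)
    $rights = Get-LogonRights
    # Terminal users are interactive users; if nobody is denied console logon,
    # every account allowed through Terminal Services can also sit at the server.
    if (-not $rights['SeDenyInteractiveLogonRight']) {
        $findings += 'SeDenyInteractiveLogonRight is empty: accounts allowed through Terminal Services may also log on at the server console'
    }
    if (-not $rights['SeRemoteInteractiveLogonRight']) {
        $findings += 'SeRemoteInteractiveLogonRight is empty: terminal logon is not explicitly restricted to a group'
    }
    return ,$findings
}

$result = Test-TerminalServerHardening
if ($result.Count -eq 0) { 'No deviations from the terminal-mode hardening baseline.' }
else { $result | ForEach-Object { "FINDING: $_" } }
```

The script only reads; it changes nothing. Traffic encryption by IPsec (the first workstation scenario above) is outside its scope, because that is configured on the workstation or a separate security gateway rather than in the terminal service settings.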

The security of the terminal access mode is provided by a combination of settings of the Windows Server 2003 OS, the MSTS server part and the terminal access protocol, RDP. Each of these components implements various protection mechanisms, but at the same time each component has its own vulnerabilities that can be exploited by attackers.

The main groups of vulnerabilities in Windows Server 2003 that are relevant for protection in terminal mode are:

  • the possibility of network access to the information processed by the server;
  • the possibility of privilege escalation once local access has been obtained.