1.5 Security

By design, thin client software enjoys enhanced security, since all programs and data reside on the server. Thin client system security is designed to address two fundamental issues:

1. controlling access to data files

2. prevention of unauthorized use of thin client components to perform privileged activities (such as modifying privileged files)

The first issue, controlling access to data files, is addressed in two ways: first, via a server access file known as AcuAccess (the same access file used by AcuServer^TM and AcuConnect^TM), and second, through the standard UNIX or Windows NT/2000 file access provisions. Whether a thin client user can access a given file on the server depends on two things: (1) the user ID assigned the requester in the server access file, and (2) either the Windows NT/2000 security set up for your files, or the UNIX ownerships and permissions set on the particular file.

The second issue, preventing unauthorized privileged use, is addressed through strict enforcement of the security measures that you have established through the server's operating system.

When AcuLaunch is running as a Windows NT/2000 service, it belongs to an implicit group called "SYSTEM." Make sure that the "SYSTEM" group is added to your file permissions with "Full Control." This is not necessary if you are using Windows NT security via the NT_SECURITY configuration variable.

UNIX ownerships and permissions can be set on key AcuLaunch files. Note, however, that your site could jeopardize security if you include entries in the server access file that explicitly allow users running as root on the clients to run as root on the server. We strongly recommend against the inclusion of such entries.

Achieving sound system security depends on the configuration and management of the following security elements:

• the server access file (the database of authorized thin client users)
• the Windows NT or Windows 2000 security protections set up for the acurcl executable file, server configuration file, server access file, and remote data files and directories. Recall that the NTFS file system is more secure.
• the UNIX ownerships assigned to the acurcl executable file, server configuration file, server access file, and remote data files and directories
• the UNIX access permissions (read, write, and execute) set on the acurcl executable file, server configuration file, server access file, and remote data files and directories

UNIX ownerships and permissions on the acurcl executable, server configuration file, and server access file are described in Chapter 3, section 3.3 Configuring the Server. These specifications must be strictly maintained. If the ownerships and permissions are more permissive than those specified, AcuLaunch will not start, halting thin client operation.

In addition to the AcuAccess file, Acucorp's thin client solution offers an encryption scheme to further enhance security. Encryption protects information while it is stored on the server and while it is in transit across the network. For information about the configuration variables used to enable encryption, refer to 3.3.2 Assigning Values to Server Configuration Variables.