Page 595 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Distributed Systems and Endpoint Security


As computing has evolved from a host/terminal model (where users
could be physically distributed but all functions, activity, data, and
resources reside on a single centralized system) to a client-server
model (where users operate independent, fully functional desktop
computers but also access services and resources on networked
servers), security controls and concepts have had to evolve to follow
suit. This means that clients have computing and storage capabilities
and, typically, that multiple servers do likewise. The concept of a
client-server model network is also known as a distributed system or a
distributed architecture. Thus, security must be addressed everywhere
instead of at a single centralized host. From a security standpoint, this
means that because processing and storage are distributed on multiple
clients and servers, all those computers must be properly secured and
protected. It also means that the network links between clients and
servers (and in some cases, these links may not be purely local) must
also be secured and protected. When evaluating security architecture,
be sure to include an assessment of the needs and risks related to
distributed architectures.

Distributed architectures are prone to vulnerabilities unthinkable in
monolithic host/terminal systems. Desktop systems can contain
sensitive information that may be at some risk of being exposed and
must therefore be protected. Individual users may lack general
security savvy or awareness, and therefore the underlying architecture
has to compensate for those deficiencies. Desktop PCs, workstations,
and laptops can provide avenues of access into critical information
systems elsewhere in a distributed environment because users require
access to networked servers and services to do their jobs. By
permitting user machines to access a network and its distributed
resources, organizations must also recognize that those user machines
can become threats if they are misused or compromised. Such
software and system vulnerabilities and threats must be assessed and
addressed properly.

Communications equipment can also provide unwanted points of