Using Existing Resources

by J. Edward Durrett

I recently had a project for a company who in reaction to an audit had
to better secure their internal network. At issue was their use of PXE
boot to boot their terminals and then have their desktops served over
the very insecure X protocol. This is was a common setup decades ago,
and is still used actively in projects like LTSP. However, the potential
for the sniffing of sensitive data off the local network is very high as
traffic is encrypted.

The company was not in the position to buy all new terminals nor did
they have the desire to administer multiple desktop systems. They had
been happy with their previous setup because of the low administrative
burden and low cost of maintenance. To complicate matters, the terminals
they were using were over a decade old and had a very small flash disk,
too small to put a small system on. The terminals did however have an
internal port to put an additional flash drive. So for the cost of just
$8 per terminal, they could be upgraded to a secure operating system.

To connect to the central server where the desktops were hosted, x2go
(x2go.org) provides a secure connection and (over ssh) a nice graphical
login. To keep administration simple, I put ssh keys on each of the
desktops so they could be centrally administered via ssh.

The only thing that changed, from the user's perspective, was the
graphical login. The rest, their desktops and the programs they use
every day to perform their work, stayed the same. And, the management of
the company is happy as what looked like a very expensive and
potentially disruptive upgrade turned out to be cheap, simple and, of
course, secure.







Copyright (c) 2019, Jason Edward Durrett - All content on this site, unless otherwise noted, is subject to this license.

Please contact me if any errors, such as erroneous / misleading content or missing / incomplete attribution, are found.