Fysiska klienter för IT-system - Egenskaper och IT-säkerhetseffekter på systemnivå

Solutions based on client-server architectures allow users to access data and services offered by a server over a network. The client terminal provides the IT system's interface for the user. Clients are usually divided into the three main categories thick clients, thin clients, and zero clients. Thick clients are essentially normal computers where applications are stored and run on the client. Thin clients are simple computers, with a limited operating system, running a remote desktop software to provide access to the servers. Zero clients are further simplified. Zero clients have no operating system and act as an extension of the user interface provided by the server's remote desktop. The selection of client type usually involves the consideration of various properties of the IT system. There is rarely an obvious choice and it is often possible to use different client types. Nevertheless, the different types of clients do have properties that make them more or less suited as the design solution for a specific IT system. Specifically, there are security aspects associated with the choice of client type. There is a market trend towards systems with remote desktop solutions, where the concept of thin and zero clients suits well. In marketing material, and even in the professional press, these solutions are described as very favourable, from functional, financial, and security perspectives. After a careful analysis of the content of these documents, a more balanced view of the solutions emerges. Some claims are erroneous, some are excessive, and some are, viewed from the perspective of the Swedish Armed Forces, irrelevant. After this analysis, there remain essential properties of thin and zero clients that can provide added value to an IT system. The actual value that is added usually depends on the context, and the choice of client type is usually a trade-off between different requirements. A market overview of thin and zero clients with security certifications shows that there are only a few products available and that it is difficult to assess the reliability of these based on publicly available marketing material. However, from the results presented in this report, it emerges that a secure zero client in some cases would be a valuable component to have in IT systems used by the Swedish Armed Forces. Therefore, at the end of the report we present a possible architecture of a zero client that allows simultaneous connections to several separate information domains as an attempt to demonstrate that such a solution is possible.