Insecure Client on a High Security Network.
This is a hypothetical question. Raised with a purpose.
Imagine a military grade secure network with one Sun high end server with ample processing power, very high bandwidth, ample storage, well demarcated zones, exceptionally good network security administators securing the server and the very very very valuable data , The Server runs on Solaris 10 with uptodate patches, further enhanced by suitable thirdparty hardware and software firewalls, antispyware and antivirus. There is no other O/S on this server, not even VM ware on the server.
For some arbitrary reason that can not be questioned, a client desktop has to be admitted into the network. The user, let's say, the boss's adorable little daughter and everyone's darling, brings in a computer, a common desktop with a common motherboard and all kinds of physical ports including a game port, hates a client level firewall and has none, fond of Windows and has Windows 98 the orignial release, unpatched and the little girl wouln't allow anyone near her computer even to patch up her favorite O/S or upgrade it. She wants to be connected to the network and enjoy the bandwidth and wants storage space on the server to store her favorite carton movie downloads and files. She browses a lot, chats on a older version of yahoo messenger and msn messenger.
This desktop is a potentially explosive security vulnerability, about to be connected to the network. The hacker undergound and the malicious business competitors are already waiting.
The Board of Directors ban the network security professionals from within 100 yards of the little girl's computer, warn them against preaching her network security. No tricks to be played on this little girl, storage on this server should be on this server as the girl wants it, not in a remote location, with the appearence of local storage. Bandwidth is bandwidth from this network, not from outside through invisible wires. Total honesty is insisted.
As a consolation the network administrators are given an unlimited budget to secure the server that is already secure, grant the freedom to hire the most brilliant security consultants ... Now what would the network security professionals do, only on the server end, if they don't want to quit ?
