警聲 (OffBeat)


The client / server model is a network-computing model in which client applications request services from server processes. Clients and servers typically run on different computers interconnected by a computer network.

A client application is a process or programme that sends messages to a server over the network. Those messages ask the server to perform a specific task, such as looking up a customer record in a database or returning a portion of a file stored on the server's hard disk.

The server process or programme listens for client requests arriving over the network, performs the requested action, such as running a database query or reading a file, and sends the result back to the client. Server processes typically run on powerful PCs, workstations or mainframe computers.

Risks of the Client / Server Environment

Desktop Computer Data Disclosed:

Sensitive information is passed to someone who is not authorised to receive it. For example, an employee who can legitimately retrieve sensitive information through an internal office system copies it to a desktop computer and discloses it to an outside party without authorisation. As more data becomes available for download to desktop computers, and downloading becomes easier, this risk increases.

Passwords Compromised by "Trojan Horse" Programme on Computer:

A "Trojan Horse" is a programme disguised as something benign that steals information or takes other malicious actions on a computer. For example, you download what appears to be a movie or music file from the web; when you open it, the "Trojan Horse" hidden inside the fake media file steals the credit card numbers and passwords stored on your computer and sends them to an attacker, or lets that attacker hijack your computer to take part in illegal denial-of-service attacks. Because the Trojan runs with the logged-in user's privileges, it sees everything that user can see, including passwords as they are typed.

Intruder Exploits Server Vulnerabilities to Gain Access: 

New security vulnerabilities in server software are discovered almost daily. Detailed scripts showing how to exploit them circulate widely in attacker communities, and a patch to fix the problem is sometimes not available for months. Even once a patch is released, the server remains exposed until the patch is actually applied.

Tips

Clear Information Security Policy and Guidelines:

An Information Security Policy and accompanying Guidelines should be developed and adopted within the organisation. They define which information assets must be protected and set out the responsibilities of both computer users and computer administrators for protecting those assets.

Secure Desktop Computers:

To secure sensitive data on desktop computers, use desktop access control (e.g. a username and password login) together with disk encryption software. Access control on its own only protects a computer that is physically secured: if the machine or its disk can be removed, the data can be read on another system, and only disk encryption keeps it unreadable in that case.

Server Protection:

Servers must be protected by several measures, such as a firewall. A firewall acts as a barrier between the server and the network, blocking unauthorised access to the server and the network behind it, and stopping an intruder from reaching server services that do not need to be exposed. It does not replace patching: a service the firewall must allow through (for example the port of a public web server) remains exploitable until the vulnerability itself is fixed.

One-time Password:

Privileged users should be required to supplement their password with token authentication. A token uses an algorithm to generate one-time passwords, each valid for a single use, so a code disclosed by network sniffing or by a "Trojan Horse" programme cannot be re-used later. A token authentication server verifies the codes on behalf of the application server.
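As an added example (not code from the original page or from any product it describes), the following Go programme shows how a token and a token authentication server can agree on a one-time password and why a captured code cannot be replayed. It implements the HMAC-based one-time password algorithm of RFC 4226 and a minimal, hypothetical verification server: the `HOTP` function, the `TokenServer` type and the user name "alice" are this example's own names, and the secret is the RFC 4226 test key, used here purely for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
)

// HOTP computes an RFC 4226 HMAC-based one-time password of the given number
// of digits from a shared secret and an event counter. The hardware token and
// the authentication server each run this same computation.
func HOTP(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	// Dynamic truncation (RFC 4226 section 5.3): take 4 bytes at an offset
	// given by the low nibble of the last byte, and clear the top bit.
	off := h[len(h)-1] & 0x0f
	code := (uint32(h[off])&0x7f)<<24 |
		uint32(h[off+1])<<16 |
		uint32(h[off+2])<<8 |
		uint32(h[off+3])
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// TokenServer is a simplified, hypothetical token authentication server. For
// each user it keeps the shared secret and the next counter it will accept.
// Codes for counters it has already moved past are refused, which is what
// makes a sniffed or Trojan-captured code useless to the attacker.
type TokenServer struct {
	secrets map[string][]byte
	next    map[string]uint64
	window  uint64 // how many counters ahead a token may have drifted
}

func NewTokenServer(window uint64) *TokenServer {
	return &TokenServer{
		secrets: map[string][]byte{},
		next:    map[string]uint64{},
		window:  window,
	}
}

// Enroll registers a user's token secret and starts their counter at zero.
func (s *TokenServer) Enroll(user string, secret []byte) {
	s.secrets[user] = secret
	s.next[user] = 0
}

// Verify accepts a code only if it matches one of the next `window` counters
// for that user, then advances past the matching counter so the same code is
// rejected on every later attempt.
func (s *TokenServer) Verify(user, code string) bool {
	secret, ok := s.secrets[user]
	if !ok {
		return false
	}
	start := s.next[user]
	for c := start; c < start+s.window; c++ {
		// Constant-time comparison so response timing leaks nothing.
		if hmac.Equal([]byte(HOTP(secret, c, 6)), []byte(code)) {
			s.next[user] = c + 1
			return true
		}
	}
	return false
}

func main() {
	// Constructed secret: the RFC 4226 test key, for illustration only.
	secret := []byte("12345678901234567890")
	srv := NewTokenServer(3)
	srv.Enroll("alice", secret)

	code := HOTP(secret, 0, 6) // the first code alice's token displays
	fmt.Println("first login:", srv.Verify("alice", code))   // true
	fmt.Println("replayed code:", srv.Verify("alice", code)) // false
	fmt.Println("next code:", srv.Verify("alice", HOTP(secret, 1, 6)))
}
```

The replay protection lives entirely in the server's stored counter: the attacker who captures "755224" from the wire gets a code the server has already consumed. The drift window exists because a user may press the token button without logging in; keep it small, since every extra counter the server is willing to try is one more code an attacker could guess.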

Data Encryption:

Encryption is the process of encoding messages (or information) so that eavesdroppers on the network, or anyone who obtains a copy of the stored data, cannot read it, while authorised parties holding the key can. It protects data in transit and at rest; it does not protect against a "Trojan Horse" running on the computer where the data is decrypted and used, because the malware sees the same plaintext the user does.
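As an added example (not code from the original page), the following Go programme encrypts a record with AES-256-GCM, the authenticated encryption mode in Go's standard library, and then checks the two properties the text relies on: a network eavesdropper sees no trace of the plaintext, and any modification of the message in transit is detected on decryption. The function names `Seal`, `Open`, `Leaks` and `Tamper`, the all-zero test key and the sample record are this example's own constructions; a real deployment would use a randomly generated key that is stored securely.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Seal encrypts plaintext with AES-256-GCM under key and returns
// nonce || ciphertext || authentication tag. A fresh random nonce is drawn
// for every message; GCM must never reuse a nonce under the same key.
func Seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag to the nonce, so the nonce travels
	// with the message; it is not secret, only unique.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal. It fails if the key is wrong or if any byte of the
// message was altered, because the GCM tag no longer verifies.
func Open(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed message too short")
	}
	nonce, body := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, body, nil)
}

// Leaks reports whether the plaintext appears verbatim inside the sealed
// message: this is the eavesdropper's view, and it should always be false.
func Leaks(sealed, plaintext []byte) bool {
	return bytes.Contains(sealed, plaintext)
}

// Tamper flips one bit of a sealed message, simulating modification in transit.
func Tamper(sealed []byte) []byte {
	out := append([]byte(nil), sealed...)
	out[len(out)-1] ^= 0x01
	return out
}

func main() {
	key := make([]byte, 32) // constructed all-zero key: illustration only
	record := []byte("customer 1234: balance 500") // constructed sample record

	sealed, err := Seal(key, record)
	if err != nil {
		panic(err)
	}
	fmt.Println("plaintext visible on the wire:", Leaks(sealed, record)) // false

	got, err := Open(key, sealed)
	fmt.Printf("authorised party reads: %q (err=%v)\n", got, err)

	_, err = Open(key, Tamper(sealed))
	fmt.Println("tampered message rejected:", err != nil) // true
}
```

Note where the protection starts and stops: `record` exists in the clear inside this process before `Seal` runs and again after `Open`, which is exactly the window a Trojan on the desktop exploits. Encryption narrows the attacker's options to the endpoints; securing those endpoints is the job of the desktop and server measures above.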