To increase the security of client/server technology, an IS auditor should ensure that the following control techniques are in place:
• Access to data and applications is secured by disabling the floppy disk drive.
• Diskless workstations prevent unauthorized access.
• Unauthorized users may be prevented from overriding login scripts and access by securing automatic boot or start-up batch files.
• Network monitoring can be used to record client activity, which helps later investigation if the monitoring is done properly. Various monitoring devices are used for this purpose. Since this is a detective control technique, the network administrator must continuously monitor the activities and maintain the devices; otherwise these tools become useless.
• Data encryption techniques are used to protect data from unauthorized access.
• Authentication systems can be provided to a client so that users can enter the system only by entering a login name and password.
• Smart cards can be used. They use intelligent hand-held devices and encryption techniques to decipher random codes provided by the client/server-based operating systems.
• Application controls may be used, and users will be limited to accessing only those functions in the system that are required to perform their duties.