To increase the security of client/server technology, an IS auditor should ensure that the following control techniques are in place:
• Access to data and applications is secured by disabling the floppy disk drive.
• Diskless workstations prevent unauthorized access.
• Unauthorized users may be prevented from overriding login scripts and access controls by securing automatic boot or startup batch files.
• Network monitoring can be used to learn about client activity so that the information is available for later investigation. Various monitoring devices are used for this purpose. Since this is a detective control technique, the network administrator must continuously monitor the activities and maintain the devices; otherwise these tools become useless.
• Data encryption techniques are used to protect data from unauthorized access.
• Authentication systems can be provided for clients so that users can enter the system only by entering a login name and password.
• Smart cards can be used. They use intelligent handheld devices and encryption techniques to decipher random codes provided by the client/server-based operating systems.
• Application controls may be used so that users are limited to accessing only those functions in the system that are required to perform their duties.
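
One way an auditor could test the control on boot and startup batch files listed above is to check who is able to modify or replace them. The following is an added example, not part of the original text; it assumes POSIX file permissions, and the file names and directory layout are constructed for the demonstration.

```python
import os
import shutil
import stat
import tempfile

def audit_startup_file(path):
    """Return a list of findings for one startup/login script (empty = OK)."""
    findings = []
    try:
        is_link = os.path.islink(path)
        st = os.stat(path)              # follows symlinks; fails if dangling
    except FileNotFoundError:
        return ["missing"]
    if is_link:
        findings.append("is a symlink (target can be swapped)")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    # A world-writable directory lets any user delete and recreate the script,
    # unless the sticky bit restricts deletion to the file's owner.
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is world-writable")
    return findings

def demo():
    """Build a constructed sample tree, audit it, and return the findings."""
    root = tempfile.mkdtemp()
    shared = os.path.join(root, "shared")
    os.mkdir(shared)
    files = {                           # constructed names and modes
        "login_ok.sh": (root, 0o644),
        "login_bad.sh": (root, 0o666),
        "boot.sh": (shared, 0o644),
    }
    results = {}
    try:
        for name, (folder, mode) in files.items():
            path = os.path.join(folder, name)
            with open(path, "w") as f:
                f.write("# constructed sample startup script\n")
            os.chmod(path, mode)
        os.chmod(root, 0o755)
        os.chmod(shared, 0o777)         # world-writable, no sticky bit
        for name, (folder, _) in files.items():
            results[name] = audit_startup_file(os.path.join(folder, name))
        results["absent.sh"] = audit_startup_file(os.path.join(root, "absent.sh"))
    finally:
        shutil.rmtree(root)
    return results
```
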