To increase the security of client/server technology, an Information System auditor should ensure that the following control techniques are in place:
• Access to data and applications is secured by disabling the floppy disk drive.
• A risk-less workstation prevents unauthorized access.
• Unauthorized users may be prevented from overriding login scripts and access by securing automatic boot or startup batch files.
• Network monitoring can be used to learn about client activity, which helps later investigation if the monitoring is done properly. Various monitoring devices are used for this purpose. Since this is a detective control technique, the network administrator must continuously monitor the activities and maintain the devices; otherwise these tools become useless.
• Data encryption techniques are used to protect data from unauthorized access.
• Authentication systems can be provided to a client so that users can enter the system only by entering a login name and password.
• Smart cards can be used. They use intelligent hand-held devices and encryption techniques to decipher random codes provided by the client/server-based operating systems.
• Application controls may be used so that users are limited to accessing only those functions in the system that are required to perform their duties.
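
The smart card item above describes a challenge-response exchange: the system issues a random code and the card proves it holds a secret. The following is an added example, not part of the original text; it assumes a shared secret enrolled on the card and uses HMAC-SHA256 over the random code in place of the decipher step the text mentions, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


class Server:
    """Server side: issues random codes and checks the card's answers."""

    def __init__(self):
        self.card_keys = {}  # card_id -> secret shared with the card at issuance
        self.pending = {}    # card_id -> outstanding random code (single use)

    def enroll(self, card_id):
        key = secrets.token_bytes(32)
        self.card_keys[card_id] = key
        return key

    def challenge(self, card_id):
        if card_id not in self.card_keys:
            raise KeyError("unknown card")
        nonce = secrets.token_bytes(16)
        self.pending[card_id] = nonce
        return nonce

    def verify(self, card_id, response):
        nonce = self.pending.pop(card_id, None)  # consume it: a replay finds nothing
        key = self.card_keys.get(card_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


class SmartCard:
    """Card side: the secret never leaves the card, only the answer does."""

    def __init__(self, card_id, key):
        self.card_id = card_id
        self._key = key

    def respond(self, nonce):
        return hmac.new(self._key, nonce, hashlib.sha256).digest()


def demo():
    server = Server()
    card = SmartCard("card-001", server.enroll("card-001"))  # constructed sample id
    answer = card.respond(server.challenge(card.card_id))
    ok = server.verify(card.card_id, answer)
    replayed = server.verify(card.card_id, answer)  # same answer sent again
    wrong_card = SmartCard("card-001", secrets.token_bytes(32))  # not the enrolled key
    bad = server.verify("card-001", wrong_card.respond(server.challenge("card-001")))
    return ok, replayed, bad


if __name__ == "__main__":
    print(demo())
```

An auditor reviewing such a scheme would check that each random code is accepted only once and that the comparison does not leak timing information.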