RE: Securing Citrix NFuse and IIS 5

From: Henry Sieff (hsieff@orthodon.com)
Date: 10/19/02


From: Henry Sieff <hsieff@orthodon.com>
To: "'auto300258@hushmail.com'" <auto300258@hushmail.com>, focus-ms@securityfocus.com
Date: Fri, 18 Oct 2002 17:38:51 -0500

A couple more points I forgot to mention:

1) You must lock down the actual Citrix Servers: All those privelege
elevation/local only exploits you thought you didn't need to worry about
because you trust your users and nobody can get a local logon? Well, guess
what: they are now an actual risk. There are many good guides to locking
down citrix servers themselves; the Brian Madden book has a good one.

2) Treat those citrix servers (or the secure gateway) the same way you would
treat a VPN host in terms of where you place it. Use IDS to sniff all the
traffic going in and out.

> -----Original Message-----
> From: auto300258@hushmail.com [mailto:auto300258@hushmail.com]
> Sent: Friday, October 18, 2002 10:22 AM
> To: focus-ms@securityfocus.com
> Subject: Securing Citrix NFuse and IIS 5
>
>
>
> I'm working on a pilot deployment of Citrix with its NFuse
> component on Win2000 to allows remote users to access our LAN
> via web browser. NFuse uses IIS 5 installed on the same
> machine to deliver all of our applications to the remote user.
>
> Is there anything special to know about hardening IIS 5 in
> conjunction with NFuse that anyone here has any experience
> with? What about a good white paper on hardening IIS 5,
> besides what Microsoft has on their web site?
>
> Has anyone used EEye's SecureIIS product with NFuse/IIS5?
> I've heard very good things about it and hope it might be useful here.
>
> Thanks for any information you might be able to provide.
>
> Regards.
>
>
>
> Get your free encrypted email at https://www.hushmail.com
>



Relevant Pages

  • Securing Citrix NFuse and IIS 5
    ... I'm working on a pilot deployment of Citrix with its NFuse component on Win2000 to allows remote users to access our LAN via web browser. ... Is there anything special to know about hardening IIS 5 in conjunction with NFuse that anyone here has any experience with? ...
    (Focus-Microsoft)
  • Re: Securing Citrix NFuse and IIS 5
    ... kinds of Citrix web application problems that haven't been found yet. ... Securing Citrix NFuse and IIS 5 ... Win2000 to allows remote users to access our LAN via web browser. ... paper on hardening IIS 5, besides what Microsoft has on their web site? ...
    (Focus-Microsoft)