Re: Securing Citrix NFuse and IIS 5

From: Kevin Spett (kspett@spidynamics.com)
Date: 10/21/02


From: "Kevin Spett" <kspett@spidynamics.com>
To: <focus-ms@securityfocus.com>, <auto300258@hushmail.com>
Date: Mon, 21 Oct 2002 14:03:12 -0400

Here's a list of links that detail some known Citrix issues at the
web-layer. These are just known issues, keep in mind that there may be all
kinds of Citrix web application problems that haven't been found yet. If I
were you I'd go through the .asp/.jsp source files before deploying it.

http://www.securiteam.com/securitynews/5RP0L2K6KO.html
http://www.securiteam.com/securitynews/5XP061F4UE.html
http://www.securiteam.com/windowsntfocus/5ZP0L0U61G.html
http://cert.uni-stuttgart.de/archive/bugtraq/2002/03/msg00398.html

Kevin Spett
SPI Labs
http://www.spidynamics.com/

----- Original Message -----
From: <auto300258@hushmail.com>
To: <focus-ms@securityfocus.com>
Sent: Friday, October 18, 2002 12:21 PM
Subject: Securing Citrix NFuse and IIS 5

>
> I'm working on a pilot deployment of Citrix with its NFuse component on
Win2000 to allows remote users to access our LAN via web browser. NFuse uses
IIS 5 installed on the same machine to deliver all of our applications to
the remote user.
>
> Is there anything special to know about hardening IIS 5 in conjunction
with NFuse that anyone here has any experience with? What about a good white
paper on hardening IIS 5, besides what Microsoft has on their web site?
>
> Has anyone used EEye's SecureIIS product with NFuse/IIS5? I've heard very
good things about it and hope it might be useful here.
>
> Thanks for any information you might be able to provide.
>
> Regards.
>
>
>
> Get your free encrypted email at https://www.hushmail.com
>



Relevant Pages

  • RE: Securing Citrix NFuse and IIS 5
    ... Citrix has a Product call Citrix Secure Gateway that uses SSL ... I'm working on a pilot deployment of Citrix with its NFuse component on ... IIS 5 installed on the same machine to deliver all of our applications to ...
    (Focus-Microsoft)
  • RE: Securing Citrix NFuse and IIS 5
    ... NFUSE 1.7 doesn't really add a whole lot of vulnerability points to an IIS ... Harden the IIS server, ... Use SSL for communications between your NFUSE server and Citrix Data ...
    (Focus-Microsoft)
  • FW: Win2K security roll out package and citrix xp
    ... I found this same this same problem with Citrix XP, running NFuse v1.5. ... --Citrix NFuse web server serving the access to the Published Applications ... environment, and probably shows, yet again, why ALL patches and updates need ...
    (NT-Bugtraq)
  • RE: This time, how secure is Citrix?
    ... to your Citrix system than from any PC on the Internet. ... RSA SecureID also integrates with NFUSE. ... This time, how secure is Citrix? ...
    (Security-Basics)
  • RE: Securing Citrix NFuse and IIS 5
    ... >Citrix has a Product call Citrix Secure Gateway that uses SSL ... >I'm working on a pilot deployment of Citrix with its NFuse component ... >Is there anything special to know about hardening IIS 5 in conjunction ...
    (Focus-Microsoft)