RE: This time, how secure is Citrix?

From: Javier Otero De Alba (jotero_at_smartekh.com)
Date: 11/19/04

  • Next message: Herbold, John W.: "RE: Securing Printers" 
    Date: Fri, 19 Nov 2004 15:41:00 -0600
To: "Cesar Diaz" <cdiaz00@gmail.com>, "sec-basic list" <security-basics@securityfocus.com>

    The big problem is the platform under Citrix runs, it must be very well configured and patched.
    Remember: minimun privilege, AAA.

    Ing. Fco. Javier Otero De Alba
    Diplomado en Seguridad Informática ITESM CEM
    ITStrap
    Product Manager
    Juniper Secure Access SSL

    5243-4782 al 84 Ext.300
    México, D.F.

    -----Mensaje original-----
    De: Cesar Diaz [mailto:cdiaz00@gmail.com]
    Enviado el: Viernes, 19 de Noviembre de 2004 10:48 a.m.
    Para: sec-basic list
    Asunto: This time, how secure is Citrix?

    List,

    I asked a question a few days ago about how secure VPN access is for
    home users on their own home PCs. I received many helpful answers.
    Thank you all for that.

    I also want to ask everyones opinion on how secure remote access
    through Citrix can be.

    We use Citrix MetaFrame XP available through Nfuse available thorugh a
    public IP address. The Nfuse website is secured with 128-bit SSL.
    Our firewall only allows port 443 to access the server through that
    IP.

    The concern now isn't as much the possibility of viruses, worm, etc.
    spreading since this is not a direct connection to our LAN like a VPN.
     The concern is that if a hacker has gained access to the users home
    computer, then they can access the resources on the network that the
    user accesses.

    The idea has been floated of running a script when the user connects
    that deletes their default route to the Internet, then adds a route
    directly to our network. This should theoretically remove access to
    their machine from the Internet. We would run an exit script that
    reverses this so they get their connectivity back.

    Thanks again for any advice,

    Cesar Diaz

  • Next message: Herbold, John W.: "RE: Securing Printers"

    Relevant Pages

    • Re: Security Architecture & security tests
      ... > To: Cesar Diaz ... >> I also want to ask everyones opinion on how secure remote access ... >> through Citrix can be. ... >> their machine from the Internet. ...
      (Security-Basics)
    • Re: How to get rid of "You are about to leave a secure internet" msg
      ... "Warn if changing between secure and not secure mode." ... We use a feature of Citrix called anonymous logins whereby the user does ... The reason being since we use anonymous accounts to login to our citrix ... any settings are lost as well... ...
      (microsoft.public.windows.inetexplorer.ie6.browser)
    • Security Architecture & security tests
      ... This time, how secure is Citrix? ... > that deletes their default route to the Internet, ... > their machine from the Internet. ...
      (Security-Basics)
    • Re: This time, how secure is Citrix?
      ... days with all the mal and spyware getting installed on computers, ... > I also want to ask everyones opinion on how secure remote access ... > through Citrix can be. ... > their machine from the Internet. ...
      (Security-Basics)
    • RE: This time, how secure is Citrix?
      ... to your Citrix system than from any PC on the Internet. ... RSA SecureID also integrates with NFUSE. ... This time, how secure is Citrix? ...
      (Security-Basics)