Re: Citrix Web Interface - VPN - public computer...secure??

Hi all, just on a similar topic, how can I find out which user logon
via Citrix Access Gateway at what time through which policy?

CitrixACE in eventvwr does not provide much information, and I prefer
to use any built in logging rather than external software.
Any suggestions?

Thanks in advance.

Wil

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of ? aditya mukadam ?
Sent: Friday, 11 July 2008 2:10 AM
To: Don Joly; security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Citrix Web Interface - VPN - public computer...secure??

First of all let me say comment/compliment that the policy for WebVPN set up is done really well and correctly. It is an absolutely bad idea to allow intranet access from public computers because of reasons like it might have keylogger, virus on it, vulnerable OS which can allow user to hack that public pc ( while you are connected to intranet via
WebVPN) n so on.

If you still want to do it, you can develop seperate group of resources (which won't hurt you n your company if it gets exposed to threats etc) inshort -'not so important resources'. You should create seprate group to allow users to connect to it from public computer if you want to. However, please understand the risks you are taking in such cases.

Remember my friend, security is often compromised for the ease of use !!!

Thanks,
Aditya Govind Mukadam

On Thu, Jul 10, 2008 at 8:47 AM, Don Joly <fuwmanchew@xxxxxxxx> wrote:

We have a Citrix Secure Gateway that some of our employees use for web VPN access from home. The Citrix Gateway provides users with published applications and desktops and has a valid SSL Cert. We have policies that all must sign agreeing to have some type of firewall enabled, OS patches and anti-virus software up to date. The policy also states that no user is to connect to the Citrix Gateway from a "public computer" or from a public hot spot. I've been asked if we could change this policy to allow connections from public computers and hot spots but I'm not sure how secure this would be. Would this be considered safe to allow this type of access? Why or why not?

Thanks,
Don





Relevant Pages

  • Re: Password Expiry Notice not taking effect in Citrix
    ... This setting maps to the registry key you provided so it may not solve anything by doing this with Group Policy but I will test it out today. ... not on the citrix servers so I dont know what the difference is. ... >> The users are gettting a prompt 14 days before it changes when they>> log ...
    (microsoft.public.win2000.group_policy)
  • Need Help on Difficult GPO Requirement
    ... Multiple Global Groups in Domain1 ... application Excel No Desktop. ... During the Citrix access by the ... apply the Excel policy which sets items in the general tab. ...
    (microsoft.public.win2000.group_policy)
  • Re: Password Expiry Notice not taking effect in Citrix
    ... is the citrix machine in the target OU ... The password policy is a bit unique/confusing for one main reason. ... Citrix Servers, it has kept the registry setting as 14. ...
    (microsoft.public.win2000.group_policy)
  • Re: GPO processing? (Additional Info.)
    ... When I use a standard user account the policies ... All this policy provides is a roaming ... citrix policy isn't being applied to a standard user from ...
    (microsoft.public.windows.server.active_directory)
  • Re: Redirection of content
    ... Terminal Services so it likely also possible for Citrix (which ... defaults to their normal profile if not configured. ... > policy, is not the same for all users. ... >>> on to any server in the ou, ...
    (microsoft.public.win2000.active_directory)