[THIN] Re: 2003
- From: "Depp, Dennis M." <deppdm@xxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Thu, 14 Oct 2004 06:45:48 -0400
You can get past the cert issue by using IPSEC. This would allow you to verify
the client is a trusted client. I'm not sure how to do the virus check.
Dennis
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of BRUTON, Malcolm, FM
> Sent: Thursday, October 14, 2004 5:01 AM
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: 2003
>
> This is an interesting thread. Something that we are looking
> at but our
> security guys are not so keen on CSG. We need something like
> a local cert
> so that only a trusted machine can use CSG. We also need to
> know that the
> machine has say a virus product and possibly a firewall
> running before they
> can use CSG. Security guys reasons are that there could be a
> screen scraper
> or keyboard logger pulling vital information. I mean CSG is
> more secure
> than most solutions but if the machine that you are connecting from is
> compromised it could still spell problems. Has anybody got
> any ideas how to
> get round this? i.e. only allow CSG from company supplied
> laptops rather
> than from say an Internet café. How we can run it with
> workstation certs
> and server certs and know that virus protection is running.
> Our security
> guys lean towards SLL/VPN's because you can look for local certs virus
> protection etc before establishing the connection and in
> theory know that
> the machine is safe before allowing a connection.
>
> Thoughts?
>
> Malcolm
>
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
> Of Alexander Danilychev
> Sent: 13 October 2004 18:41
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: 2003
>
> One of CSG advantages is the SSL protection from "man in the middle"
> attacks. However, to realize full SSL potential both server
> and client
> should have private certificates - not just the server (which
> is the case in
>
> 99% of cases - server has private cert and client has access
> to server's
> public cert). Unfortunately this is hard to achieve with
> outside users where
>
> connection security is the most vulnerable.
>
> Regarding "pure" ICA versus RDP - Citrix is relying on Microsoft's
> encryption providers/technology (certainly on Windows) and
> thus it is hard to expect any advantages of ICA over RDP.
>
> ALEX
>
> >From: "Jeff Pitsch" <jpitsch@xxxxxxx>
> >Reply-To: thin@xxxxxxxxxxxxx
> >To: <thin@xxxxxxxxxxxxx>
> >Subject: [THIN] Re: 2003
> >Date: Wed, 13 Oct 2004 11:48:25 -0400
> >
> >While both have encryption you can turn on, I would say with CSG your
> >stream is more secure.
> >
> >Jeff Pitsch
> >
> >-----Original Message-----
> >From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
> >Behalf Of Bill Beckett
> >Sent: Wednesday, October 13, 2004 11:35 AM
> >To: 'thin@xxxxxxxxxxxxx'
> >Subject: [THIN] 2003
> >
> >Back to the 2003 RDP vs Citrix ICA debate. If accessing
> published apps
> >or
> >desktops across the WAN, isn't ICA more secure or I should
> say can't you
> >make ICA more secure with Secure Gateway? Or is that not an accurate
> >assessment?
> >
> >********************************************************
> >This Weeks Sponsor RTO Software
> >Do you know which applications are abusing your CPU and memory?
> >Would you like to learn? -- Free for a limited time!
> >Get the RTO Performance Analyzer to quickly learn the
> applications, users,
> >and time of day possible problems exist.
> >http://www.rtosoft.com/enter.asp?id20
> >**********************************************************
> >Useful Thin Client Computing Links are available at:
> >http://thin.net/links.cfm
> >***********************************************************
> >For Archives, to Unsubscribe, Subscribe or
> >set Digest or Vacation mode use the below link:
> >http://thin.net/citrixlist.cfm
>
>
> ********************************************************
> This Weeks Sponsor RTO Software
> Do you know which applications are abusing your CPU and memory?
> Would you like to learn? -- Free for a limited time!
> Get the RTO Performance Analyzer to quickly learn the
> applications, users,
> and time of day possible problems exist.
> http://www.rtosoft.com/enter.asp?id=320
> **********************************************************
> Useful Thin Client Computing Links are available at:
> http://thin.net/links.cfm
> ***********************************************************
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link:
> http://thin.net/citrixlist.cfm
>
>
> **************************************************************
> *********************
> The Royal Bank of Scotland plc. Registered in Scotland No
> 90312. Registered Office: 36 St Andrew Square,
> Edinburgh EH2 2YB.
> Authorised and regulated by the Financial Services Authority
>
> This e-mail message is confidential and for use by the
> addressee only. If the message is received by
> anyone other
> than the addressee, please return the message to the sender
> by replying to it and then delete the message from your
> computer. Internet e-mails are not necessarily
> secure. The Royal Bank of Scotland plc does not
> accept responsibility for
> changes made to this message after it was sent.
>
>
>
> Whilst all reasonable care has been taken to avoid the
>
> transmission of viruses, it is the responsibility of the
> recipient to
> ensure that the onward transmission, opening or use of this
>
> message and any attachments will not adversely affect its
>
> systems or data. No responsibility is accepted by The Royal
>
> Bank of Scotland plc in this regard and the recipient should carry
> out such virus and other checks as it considers appropriate.
>
>
> Visit our
> websites at:
>
> http://www.rbs.co.uk/CBFM
>
> http://www.rbsmarkets.com
>
>
>
> **************************************************************
> ******************
>
> ********************************************************
> This Weeks Sponsor RTO Software
> Do you know which applications are abusing your CPU and memory?
> Would you like to learn? -- Free for a limited time!
> Get the RTO Performance Analyzer to quickly learn the
> applications, users,
> and time of day possible problems exist.
> http://www.rtosoft.com/enter.asp?id20
> **********************************************************
> Useful Thin Client Computing Links are available at:
> http://thin.net/links.cfm
> ***********************************************************
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link:
> http://thin.net/citrixlist.cfm
>
********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? -- Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications, users,
and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id20
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
Other related posts:
