[THIN] Re: Citrix_Secure_Gateway_Datasheet.pdf

  • From: "Joe Shonk" <JShonk@xxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Wed, 29 Jan 2003 08:45:43 -0800

A router is a gateway.  Just about every IP host has a default gateway
to route traffic that is destined for another subnet.  Not all
routers/gateways can/do perform IP/port/application filtering.  Most
gateways just route traffic, and that's precisely what CSG does.  That
with a Ticketing Authority and encrypted traffic.

If you want to control the Virtual Channels, you can set up custom ICA
listeners on the MetaFrame server to allow client drive mappings, but
not auto-created printers.  This is just one way to accomplish this,
granted there are more.

It would be very difficult to create a malformed ICA packet then hijack a
128-bit SSL session, after being authenticated (username/password
through NFuse and STA).

To answer your question if CSG should be complemented with another
security component: yes, the use of a firewall to protect the internal
network (DMZ too...NFuse and CSG) is highly recommended.  The NFuse web
server should be hardened and locked down.  There are some good
third-party tools that are great at doing this.

Joe

-----Original Message-----
From: Diego [mailto:salsorro@xxxxxxxxxxx]
Sent: Wednesday, January 29, 2003 1:59 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Citrix_Secure_Gateway_Datasheet.pdf



Hi guys,
In my opinion, CSG might not be called a secure gateway.
My concept of gateway is something that complements the IP filtering of the
firewalls in the DMZ with filtering at application level and that restricts
the traffic applying rules that understand the commands that are in higher
layers than TCP (for instance, an SMTP gateway might block an email with
attachments, or allow only some subset of the SMTP commands). Since CSG is a
tool that -after authentication and ticketing- allows all ICA traffic to
pass the DMZ without restriction, it shouldn't be considered as a true
secure gateway. It's not possible to restrict which ICA virtual channels are
being used, it doesn't block malformed ICA packets, etc.

It's just a tool to use 443 traffic and a single point of access from the
Internet. As far as security is concerned, CSG must be complemented with
some other security components.

What do you think?


----- Original Message -----
From: "Seitz, Linden" <L.Seitz@xxxxxxx>
To: "Thin@Freelists. Org (E-mail)" <thin@xxxxxxxxxxxxx>
Sent: Tuesday, January 28, 2003 8:34 PM
Subject: [THIN] Citrix_Secure_Gateway_Datasheet.pdf


>
> In reviewing the Citrix_Secure_Gateway_Datasheet.pdf, it indicates that CSG
> provides a secure gateway to secure all ICA traffic at the DMZ, but falls
> short of being classified as a "full VPN".  Anyone know in what areas it
> specifically falls short?
>
> ***************************************************************************
> This Week's Sponsor: New Wyse(R) Expedian(TM) software maximizes your
> server capacity--cost-effectively. Now you can dramatically increase the
> number of users on a server by as much as 40%--and reduce the number of
> servers you have to manage. By optimizing memory usage, Wyse Expedian
> software allows the terminal server to support more applications and more
> concurrent users. Download your 30-day free trial today at:
> http://www.wyse.com/expedian/eval.cfm?promo=US-Ad-0103TheThinNetNewsletterEM
> ****************************************************************************
>
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link:
> http://thethin.net/citrixlist.cfm