ooh, i like the sound of those figures methinks I've found a use for our (soon to be) old Novell servers! Now i just need mfxp+ :/ Andrew --o-- >>> lynch00@xxxxxxx 20/05/04 17:01:09 >>> =20 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The cost of hardware is negligible once someone high up understands the security implications. Also, these two services can run on the same server, and don't require much (PIV with 512MB of RAM would be sufficient for almost 1000 connections). And, notice that I said "WI AND SG". I would never recommend running just WI, unless it was for internal users only. Exposing the ICA port to the Internet is just asking for trouble. Especially if you are also wanting Program Neighborhood access (either XML or 1604/UDP). Chris > -----Original Message----- > From: thin-bounce@xxxxxxxxxxxxx=20 > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Rogers > Sent: Thursday, May 20, 2004 8:33 AM > To: thin@xxxxxxxxxxxxx=20 > Subject: [THIN] Re: Port/box Security >=20 > Cost of hardware? :) >=20 > And unless i've missed something in my (extremely) brief=20 > reading, but WI on=3D its own still needs the citrix port open=20 > to the net? I get the impression =3D theres a few on this list=20 > with just WI, no CSG? >=20 > Andrew > --o-- >=20 > >>> lynch00@xxxxxxx 20/05/04 16:11:54 >>> > =3D20 > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 >=20 > Agreed. Why would you NOT run WI and SG to provide user=20 > access to your farm (for both Internal and External users)? =20 > Having the Windows GINA displayed via the ICA protocol isn't=20 > very security conscious. >=20 > Chris=3D20 >=20 > > -----Original Message----- > > From: thin-bounce@xxxxxxxxxxxxx=3D20=20 > > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Paul DeHaan > > Sent: Thursday, May 20, 2004 7:39 AM > > To: thin@xxxxxxxxxxxxx=3D20=20 > > Subject: [THIN] Re: Port/box Security > >=3D20 > > Look at all the latest remotely exploitable security issues=3D20 and= > >worms. =3D3D That should be enough to convince you to at=3D20 =20 > least have=20 > >a perimeter around =3D3D your production environment. =3D20 =20 > Search the web=20 > >there are countless articles =3D3D talking about this. > >=3D20 > > >>> Andrew.Rogers@xxxxxxxxxxxxxxxxxx 05/20/04 09:33AM >>> > > For those that dont have some sort of intermediary between=3D20 the=20 > >internet =3D3D and=3D3D3D their citrix boxes, do you allow=3D20 direct= > >access from the internet? > > Can anyone give any reasoned arguments as to why the servers=3D20 =20 > >shouldnt be =3D3D di=3D3D3D rect on the internet? (only the ica port=3D2= 0 =20 > >redirected from the firewall to =3D3D th=3D3D3D e server) =3D20 Is ther= e=20 > >anything else to avoid this, other than CSG/VPNs? > >=3D20 > > Andrew > > --o-- > >=3D20 > > ******************************************************** > > This Week's Sponsor - Tarantella Secure Global Desktop=3D20 =20 > Tarantella=20 > >Secure Global Desktop Terminal Server Edition Free=3D20 =20 > Terminal Service=20 > >Edition software with 2 years maintenance. > > http://www.tarantella.com/ttba=3D3D20=3D20=20 > > ********************************************************** > > Useful Thin Client Computing Links are available at: > > http://thin.net/links.cfm=3D3D20=3D20=20 > > *********************************************************** > > For Archives, to Unsubscribe, Subscribe or=3D3D20 set Digest or=3D20 = > >Vacation mode use the below link: > > http://thin.net/citrixlist.cfm=3D20=20 > >=3D20 > > ******************************************************** > > This Week's Sponsor - Tarantella Secure Global Desktop=3D20 =20 > Tarantella=20 > >Secure Global Desktop Terminal Server Edition Free=3D20 =20 > Terminal Service=20 > >Edition software with 2 years maintenance. > > http://www.tarantella.com/ttba=3D20=20 > > ********************************************************** > > Useful Thin Client Computing Links are available at: > > http://thin.net/links.cfm=3D20=20 > > *********************************************************** > > For Archives, to Unsubscribe, Subscribe or set Digest or=3D20=20 > Vacation=20 > >mode use the below link: > > http://thin.net/citrixlist.cfm=3D20=20 >=20 > -----BEGIN PGP SIGNATURE----- > Version: PGP 8.0.3 > Comment: Public PGP Key for Chris Lynch >=20 > iQA/AwUBQKzKuW9fg+xq5T3MEQKsmgCgwi8W6Z0gUMupYIAT1YaGMOmuFgwAoKXK > bdw7n/CctZ/HNuLSTbYVm+2T > =3D3DSMaH > -----END PGP SIGNATURE----- >=20 > ******************************************************** > This Week's Sponsor - Tarantella Secure Global Desktop=20 > Tarantella Secure Global Desktop Terminal Server Edition Free=20 > Terminal Service Edition software with 2 years maintenance. > http://www.tarantella.com/ttba=3D20=20 > ********************************************************** > Useful Thin Client Computing Links are available at: > http://thin.net/links.cfm=3D20=20 > *********************************************************** > For Archives, to Unsubscribe, Subscribe or=3D20 set Digest or=20 > Vacation mode use the below link: > http://thin.net/citrixlist.cfm=3D20=20 > =3D20 >=20 >=20 > ******************************************************** > This Week's Sponsor - Tarantella Secure Global Desktop=20 > Tarantella Secure Global Desktop Terminal Server Edition Free=20 > Terminal Service Edition software with 2 years maintenance. > http://www.tarantella.com/ttba=20 > ********************************************************** > Useful Thin Client Computing Links are available at: > http://thin.net/links.cfm=20 > *********************************************************** > For Archives, to Unsubscribe, Subscribe or set Digest or=20 > Vacation mode use the below link: > http://thin.net/citrixlist.cfm=20 -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 Comment: Public PGP Key for Chris Lynch iQA/AwUBQKzWRG9fg+xq5T3MEQJ8qQCeMgcNIc4WQZKgN8bbqpEtRV4FkbwAn33w vx2ojky9NhmfKuC+TKRyTxs0 =3D7Es6 -----END PGP SIGNATURE----- ******************************************************** This Week's Sponsor - Tarantella Secure Global Desktop Tarantella Secure Global Desktop Terminal Server Edition Free Terminal Service Edition software with 2 years maintenance. http://www.tarantella.com/ttba=20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm=20 *********************************************************** For Archives, to Unsubscribe, Subscribe or=20 set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm=20 =20 ******************************************************** This Week's Sponsor - Tarantella Secure Global Desktop Tarantella Secure Global Desktop Terminal Server Edition Free Terminal Service Edition software with 2 years maintenance. http://www.tarantella.com/ttba ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm