[THIN] Re: Port/box Security

  • From: "Andrew Rogers" <Andrew.Rogers@xxxxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 20 May 2004 17:06:13 +0100

ooh, i like the sound of those figures

methinks I've found a use for our (soon to be) old Novell servers!

Now i just need mfxp+ :/

Andrew
--o--

>>> lynch00@xxxxxxx 20/05/04 17:01:09 >>>
=20
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The cost of hardware is negligible once someone high up understands
the security implications.  Also, these two services can run on the
same server, and don't require much (PIV with 512MB of RAM would be
sufficient for almost 1000 connections).

And, notice that I said "WI AND SG".  I would never recommend running
just WI, unless it was for internal users only.  Exposing the ICA
port to the Internet is just asking for trouble.  Especially if you
are also wanting Program Neighborhood access (either XML or
1604/UDP).

Chris

> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx=20
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Rogers
> Sent: Thursday, May 20, 2004 8:33 AM
> To: thin@xxxxxxxxxxxxx=20
> Subject: [THIN] Re: Port/box Security
>=20
> Cost of hardware? :)
>=20
> And unless i've missed something in my (extremely) brief=20
> reading, but WI on=3D  its own still needs the citrix port open=20
> to the net? I get the impression =3D theres a few on this list=20
> with just WI, no CSG?
>=20
> Andrew
> --o--
>=20
> >>> lynch00@xxxxxxx 20/05/04 16:11:54 >>>
> =3D20
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>=20
> Agreed.  Why would you NOT run WI and SG to provide user=20
> access to your farm (for both Internal and External users)? =20
> Having the Windows GINA displayed via the ICA protocol isn't=20
> very security conscious.
>=20
> Chris=3D20
>=20
> > -----Original Message-----
> > From: thin-bounce@xxxxxxxxxxxxx=3D20=20
> > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Paul DeHaan
> > Sent: Thursday, May 20, 2004 7:39 AM
> > To: thin@xxxxxxxxxxxxx=3D20=20
> > Subject: [THIN] Re: Port/box Security
> >=3D20
> > Look at all the latest remotely exploitable security issues=3D20  and=
>
  >worms.  =3D3D That should be enough to convince you to at=3D20 =20
> least have=20
> >a perimeter around =3D3D your production environment. =3D20 =20
> Search the web=20
> >there are countless articles =3D3D talking about this.
> >=3D20
> > >>> Andrew.Rogers@xxxxxxxxxxxxxxxxxx 05/20/04 09:33AM >>>
> > For those that dont have some sort of intermediary between=3D20  the=20
> >internet =3D3D and=3D3D3D  their citrix boxes, do you allow=3D20  direct=
>
  >access from the internet?
> > Can anyone give any reasoned arguments as to why the servers=3D20 =20
> >shouldnt be =3D3D di=3D3D3D rect on the internet? (only the ica port=3D2=
0 =20
> >redirected from the firewall to =3D3D th=3D3D3D e server) =3D20  Is ther=
e=20
> >anything else to avoid this, other than CSG/VPNs?
> >=3D20
> > Andrew
> > --o--
> >=3D20
> > ********************************************************
> > This Week's Sponsor - Tarantella Secure Global Desktop=3D20 =20
> Tarantella=20
> >Secure Global Desktop Terminal Server Edition Free=3D20 =20
> Terminal Service=20
> >Edition software with 2 years maintenance.
> > http://www.tarantella.com/ttba=3D3D20=3D20=20
> > **********************************************************
> > Useful Thin Client Computing Links are available at:
> > http://thin.net/links.cfm=3D3D20=3D20=20
> > ***********************************************************
> > For Archives, to Unsubscribe, Subscribe or=3D3D20 set Digest or=3D20 =
>
  >Vacation mode use the below link:
> > http://thin.net/citrixlist.cfm=3D20=20
> >=3D20
> > ********************************************************
> > This Week's Sponsor - Tarantella Secure Global Desktop=3D20 =20
> Tarantella=20
> >Secure Global Desktop Terminal Server Edition Free=3D20 =20
> Terminal Service=20
> >Edition software with 2 years maintenance.
> > http://www.tarantella.com/ttba=3D20=20
> > **********************************************************
> > Useful Thin Client Computing Links are available at:
> > http://thin.net/links.cfm=3D20=20
> > ***********************************************************
> > For Archives, to Unsubscribe, Subscribe or set Digest or=3D20=20
>  Vacation=20
> >mode use the below link:
> > http://thin.net/citrixlist.cfm=3D20=20
>=20
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.3
> Comment: Public PGP Key for Chris Lynch
>=20
> iQA/AwUBQKzKuW9fg+xq5T3MEQKsmgCgwi8W6Z0gUMupYIAT1YaGMOmuFgwAoKXK
> bdw7n/CctZ/HNuLSTbYVm+2T
> =3D3DSMaH
> -----END PGP SIGNATURE-----
>=20
> ********************************************************
> This Week's Sponsor - Tarantella Secure Global Desktop=20
> Tarantella Secure Global Desktop Terminal Server Edition Free=20
> Terminal Service Edition software with 2 years maintenance.
> http://www.tarantella.com/ttba=3D20=20
> **********************************************************
> Useful Thin Client Computing Links are available at:
> http://thin.net/links.cfm=3D20=20
> ***********************************************************
> For Archives, to Unsubscribe, Subscribe or=3D20 set Digest or=20
> Vacation mode use the below link:
> http://thin.net/citrixlist.cfm=3D20=20
> =3D20
>=20
>=20
> ********************************************************
> This Week's Sponsor - Tarantella Secure Global Desktop=20
> Tarantella Secure Global Desktop Terminal Server Edition Free=20
> Terminal Service Edition software with 2 years maintenance.
> http://www.tarantella.com/ttba=20
> **********************************************************
> Useful Thin Client Computing Links are available at:
> http://thin.net/links.cfm=20
> ***********************************************************
> For Archives, to Unsubscribe, Subscribe or set Digest or=20
> Vacation mode use the below link:
> http://thin.net/citrixlist.cfm=20

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
Comment: Public PGP Key for Chris Lynch

iQA/AwUBQKzWRG9fg+xq5T3MEQJ8qQCeMgcNIc4WQZKgN8bbqpEtRV4FkbwAn33w
vx2ojky9NhmfKuC+TKRyTxs0
=3D7Es6
-----END PGP SIGNATURE-----


********************************************************
This Week's Sponsor - Tarantella Secure Global Desktop
Tarantella Secure Global Desktop Terminal Server Edition
Free Terminal Service Edition software with 2 years maintenance.
http://www.tarantella.com/ttba=20
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm=20
***********************************************************
For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm=20
=20

********************************************************
This Week's Sponsor - Tarantella Secure Global Desktop
Tarantella Secure Global Desktop Terminal Server Edition
Free Terminal Service Edition software with 2 years maintenance.
http://www.tarantella.com/ttba
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

Other related posts:

  1. Home
  2. thin
  3. Archive
  4. 05-2004