[THIN] Re: Risks involved enabling client mapping
- From: Carl Stalhood <cstalhood@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Wed, 17 Jun 2009 09:31:24 -0500
I think the default configuration is to prevent execution of any application
that resides on the client drive. The file (.exe, .bat, .cmd) would have to
be copied to a network drive first and then executed. Once it's on the
network drive, your AV will catch anything malicious.
If security is a primary concern, you could implement an Access Gateway and
configure SmartAccess. For those client machines that comply with your
security standards (pass the endpoint scan), leave client drives enabled. If
the client fails the security scan, disable client drives. This is done
using Citrix Policies and Access Gateway filters.
On Wed, Jun 17, 2009 at 9:24 AM, Hamilton, Ronnie
<ronnie.hamilton@xxxxxxx>wrote:
> Hi
>
> Having a bit of a debate here at the moment on the risks of an unmanaged
> laptop going off site were the user wants to be able to transfer files to
> the local drive from a network drive and back.
>
> With our infrastructure I don’t have NAC or anything like that.
>
> What are the risks if a user can copy files back and forward.
>
> I know that when they copy to a network drive our internal AntiVirus will
> kick in.
>
> what I'm not sure about is there any other way to infect the network when
> this option is enabled.
>
> thanks
>
> Ronnie
>
> Visit our website : www.ltai.ie
>
> __________________________________________
>
> Lufthansa Technik Airmotive Ireland Limited. Registered in Ireland. Reg.
> No. 45999. Registered Office: Naas Road, Rathcoole, Co.Dublin.
>
> Lufthansa Technik Airmotive Ireland Leasing Limited. Registered in Ireland.
> Reg. No. 140891. Registered Office: Naas Road, Rathcoole, Co.Dublin.
>
> __________________________________________
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error, please advise by return email and
> delete all copies of the message.
>
>
>
Other related posts:
