[THIN] Re: UNC Blocking with external access only

The blocking using LMhosts works fine.  Until you have several terabytes of
data on a host.  We use quite a few netapp filers and hence most of our data
is on several filers.  Only practical way would be based on sharename rather
than hostname.   
 
Of course we need this to apply to a few machines only but ideally to apply
depending on what the source IP of the request was from.  Internal means
safe and external IP means check some rules before deciding it's safe or
not.  And in some cases depending on what the data was always block if
external.
 
Malcolm

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Andrew Wood
Sent: 07 September 2006 11:33
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: UNC Blocking with external access only


I thought AAC would allow you to do clever checks on the endpoint - I didn't
realise it'd be able to modify functionality within an individual published
application?
 
The way I was thinking of would be to redirect your users to different
citrix servers based on their source location. The sensitive users would be
directed to servers with an lmhosts file that 'blocked' the UNC by
overriding the source name's IP resolution. 
 
messy mind.

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Jeff Pitsch
Sent: 06 September 2006 18:41
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: UNC Blocking with external access only


The only way that I'm aware of to control that type of access through
Presetnation Server is using AAC.  You can then use the filters within AAC
on your published applications.
 

Jeff Pitsch
Microsoft MVP - Terminal Server
Provision Networks VIP

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com <http://jeffpitschconsulting.com/> 



 
On 9/6/06, BRUTON, Malcolm, GBM <Malcolm.BRUTON@xxxxxxxx
<mailto:Malcolm.BRUTON@xxxxxxxx> > wrote: 

I asumme this is if you are publishing folders on Juniper?  We publish
Citrix apps on Juniper only....So the control really needs to be within the
citrix session.  
 
Further ideas?


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx>  [mailto:
<mailto:thin-bounce@xxxxxxxxxxxxx> thin-bounce@xxxxxxxxxxxxx] On Behalf Of
Andrew Wood
Sent: 06 September 2006 14:07
To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> 

Subject: [THIN] Re: UNC Blocking with external access only




A Juniper device'll let you do it as well won't it? You can allow unc access
and then define roles that would allow access to those resources. You could
either allow full network browse access - or publish the folder themselves
iirc. 

  _____  

From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx>  [mailto:
<mailto:thin-bounce@xxxxxxxxxxxxx> thin-bounce@xxxxxxxxxxxxx] On Behalf Of
BRUTON, Malcolm, GBM
Sent: 06 September 2006 13:51
To: '  <mailto:thin@xxxxxxxxxxxxx> thin@xxxxxxxxxxxxx'
Subject: [THIN] UNC Blocking with external access only

 
All
 
We are after a product that will allow us block sensitive unc's for users.
This of course needs to differ depending on if the user is internal or
external. 
 
When they are external they connect to Citrix via Juniper.  When they are
internal they use either normal desktops or Citrix.
 
I believe by using CAG with AAC we can do this. 
 
Can anybody suggest any other software\hardware\methods that we could to
achieve this?
 
Malcolm
****************************************************************************
*******

The Royal Bank of Scotland plc. Registered in Scotland No 90312. Registered
Office: 36 St Andrew Square, Edinburgh EH2 2YB. 

Authorised and regulated by the Financial Services Authority 

 

This e-mail message is confidential and for use by the 

addressee only. If the message is received by anyone other 

than the addressee, please return the message to the sender 

by replying to it and then delete the message from your 

computer. Internet e-mails are not necessarily secure. The 

Royal Bank of Scotland plc does not accept responsibility for 

changes made to this message after it was sent. 



Whilst all reasonable care has been taken to avoid the 

transmission of viruses, it is the responsibility of the recipient to 

ensure that the onward transmission, opening or use of this 

message and any attachments will not adversely affect its 

systems or data. No responsibility is accepted by The 

Royal Bank of Scotland plc in this regard and the recipient should carry 

out such virus and other checks as it considers appropriate. 

Visit our websites at: 

http://www.rbos.com <http://www.rbos.com/> 

http://www.rbsmarkets.com <http://www.rbsmarkets.com/>  

****************************************************************************
*******




Other related posts: