[THIN] speaking of security nazis

  • From: "Wilson, Christopher" <CMWilson@xxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Tue, 25 Aug 2009 09:45:03 -0500

The AppSense conversation reminds me of something else I want to bounce
off you guys.

 

I am working at a company now that places I high priority on security -
perhaps more than I'm used to.  I'm planning a consolidation of several
Citrix farms, one of which resides a DMZ.  A small subset of business
apps are hosted here (Office and files shares really), because it was
deemed too great a risk to provide access to the whole internal Citrix
environment.   The security team believes Citrix Secure Gateway with
single factor authentication doesn't provide enough protection from
external attack and thus won't point it at internal farms.  (This is
foreign to me since I think of this as a limited VPN, and they do have
VPN access.)

 

So here's where I'm interested in your input.  Two-factor authentication
is not in the budget, so not an option.   Is CSG that much of a risk to
merit this kind of concern?  Is CAG sufficiently better to mitigate some
of this concern?  How are others doing it?  My own experience is that
I've seen lots of CSG, a little CAG, and two factor authentication
primarily at larger companies.   

 

I want to be able to roll this DMZ farm internal, and provide the
benefits of remote access for all apps they've been missing out on.  But
I'll have to get past the security guys first.

Other related posts: