[THIN] Re: speaking of security nazis
- From: "Wilson, Christopher" <CMWilson@xxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Tue, 25 Aug 2009 10:22:43 -0500
It seems to be more about their perimeter security philosophy than
anything. Multi-hop DMZ, with three rings to get through before you are
internal. They don't like that it hops right by their perimeter rings.
They also don't like that it runs on Windows, so maybe the CAG would
appease that.
I'm not sure the kind of attack, but the argument goes something like
this. If we provide remote access to this Citrix server, someone could
potentially hack it and get administrative access, and then what? It
seems like an anti-windows bias coming from a unix oriented team. In
this argument, vague as it is, if the server is the vulnerability I
thought I would attack it at the server level. (Obviously we already
patch and run AV). So I brought in AppSense. I thought they would dig
the lock down of processes on the server, and security policies that
filter on client location. They weren't impressed. They want something
else that sits in the DMZ as a barrier.
This team has apparently been pretty dogmatic about their policies, but
I am hoping to find someone who will reason with me :-). I appreciate
you guys helping me make my case.
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Robert K Coffman Jr. -Info From Data Corp.
Sent: Tuesday, August 25, 2009 10:04 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: speaking of security nazis
>The security team believes Citrix Secure Gateway with single factor
authentication doesn't provide enough protection from external attack
What kind of attack are they trying to prevent?
Both CSG and CAG use SSL... With the CAG you could limit the exposure
of WI to the internet. I don't know CAG that well (yet), but other
than that I don't know that it is more secure than CSG.
- Bob Coffman
Other related posts:
- » [THIN] speaking of security nazis- Wilson, Christopher
- » [THIN] Re: speaking of security nazis- Robert K Coffman Jr. -Info From Data Corp.
- » [THIN] Re: speaking of security nazis- Greg Reese
- » [THIN] Re: speaking of security nazis - Wilson, Christopher
- » [THIN] Re: speaking of security nazis- Wilson, Christopher
- » [THIN] Re: speaking of security nazis- Greg Reese
- » [THIN] Re: speaking of security nazis- Berny Stapleton
- » [THIN] Re: speaking of security nazis- Greg Reese
- » [THIN] Re: speaking of security nazis- Berny Stapleton
- » [THIN] Re: speaking of security nazis- Greg Reese
- » [THIN] Re: speaking of security nazis- Hutchinson, Alan
- » [THIN] Re: speaking of security nazis- Berny Stapleton
- » [THIN] Re: speaking of security nazis- Jeff Pitsch
- » [THIN] Re: speaking of security nazis- Andrew Wood
- » [THIN] Re: speaking of security nazis- Kevin Stewart
- » [THIN] Re: speaking of security nazis- Wilson, Christopher
- » [THIN] Re: speaking of security nazis- Wilson, Christopher
- » [THIN] Re: speaking of security nazis- Kevin Stewart
- » [THIN] Re: speaking of security nazis- Wilson, Christopher
- » [THIN] Re: speaking of security nazis- Warren Simondson
- » [THIN] Re: speaking of security nazis- Magnus Hjorleifsson
- » [THIN] Re: speaking of security nazis- Magnus Hjorleifsson
- » [THIN] Re: speaking of security nazis- Jon Wallace
- » [THIN] Re: speaking of security nazis- Andrew Wood
- » [THIN] Re: speaking of security nazis- Andrew Wood
- » [THIN] Re: speaking of security nazis- Andrew Wood
- » [THIN] Re: speaking of security nazis- Andrew Wood
- » [THIN] Re: speaking of security nazis- Magnus Hjorleifsson
- » [THIN] Re: speaking of security nazis- Magnus Hjorleifsson
- » [THIN] Re: speaking of security nazis- Andrew Wood
- » [THIN] Re: speaking of security nazis- Foster, Bill
- » [THIN] Re: speaking of security nazis- Berny Stapleton
- » [THIN] Re: speaking of security nazis- Foster, Bill
- » [THIN] Re: speaking of security nazis- Andrew Wood
- » [THIN] Re: speaking of security nazis- Foster, Bill
- » [THIN] Re: speaking of security nazis- Adam Thompson