[THIN] Re: 2003
- From: "BRUTON, Malcolm, FM" <Malcolm.BRUTON@xxxxxxxx>
- To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
- Date: Thu, 14 Oct 2004 10:01:06 +0100
This is an interesting thread. Something that we are looking at but our
security guys are not so keen on CSG. We need something like a local cert
so that only a trusted machine can use CSG. We also need to know that the
machine has say a virus product and possibly a firewall running before they
can use CSG. Security guys reasons are that there could be a screen scraper
or keyboard logger pulling vital information. I mean CSG is more secure
than most solutions but if the machine that you are connecting from is
compromised it could still spell problems. Has anybody got any ideas how to
get round this? i.e. only allow CSG from company supplied laptops rather
than from say an Internet café. How we can run it with workstation certs
and server certs and know that virus protection is running. Our security
guys lean towards SLL/VPN's because you can look for local certs virus
protection etc before establishing the connection and in theory know that
the machine is safe before allowing a connection.
Thoughts?
Malcolm
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Alexander Danilychev
Sent: 13 October 2004 18:41
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: 2003
One of CSG advantages is the SSL protection from "man in the middle"
attacks. However, to realize full SSL potential both server and client
should have private certificates - not just the server (which is the case in
99% of cases - server has private cert and client has access to server's
public cert). Unfortunately this is hard to achieve with outside users where
connection security is the most vulnerable.
Regarding "pure" ICA versus RDP - Citrix is relying on Microsoft's
encryption providers/technology (certainly on Windows) and thus it is hard to
expect any advantages of ICA over RDP.
ALEX
>From: "Jeff Pitsch" <jpitsch@xxxxxxx>
>Reply-To: thin@xxxxxxxxxxxxx
>To: <thin@xxxxxxxxxxxxx>
>Subject: [THIN] Re: 2003
>Date: Wed, 13 Oct 2004 11:48:25 -0400
>
>While both have encryption you can turn on, I would say with CSG your
>stream is more secure.
>
>Jeff Pitsch
>
>-----Original Message-----
>From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
>Behalf Of Bill Beckett
>Sent: Wednesday, October 13, 2004 11:35 AM
>To: 'thin@xxxxxxxxxxxxx'
>Subject: [THIN] 2003
>
>Back to the 2003 RDP vs Citrix ICA debate. If accessing published apps
>or
>desktops across the WAN, isn't ICA more secure or I should say can't you
>make ICA more secure with Secure Gateway? Or is that not an accurate
>assessment?
>
>********************************************************
>This Weeks Sponsor RTO Software
>Do you know which applications are abusing your CPU and memory?
>Would you like to learn? -- Free for a limited time!
>Get the RTO Performance Analyzer to quickly learn the applications, users,
>and time of day possible problems exist.
>http://www.rtosoft.com/enter.asp?id20
>**********************************************************
>Useful Thin Client Computing Links are available at:
>http://thin.net/links.cfm
>***********************************************************
>For Archives, to Unsubscribe, Subscribe or
>set Digest or Vacation mode use the below link:
>http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? -- Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications, users,
and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id=320
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
***********************************************************************************
The Royal Bank of Scotland plc. Registered in Scotland No 90312.
Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB.
Authorised and regulated by the Financial Services Authority
This e-mail message is confidential and for use by the
addressee only. If the message is received by anyone other
than the addressee, please return the message to the sender
by replying to it and then delete the message from your
computer. Internet e-mails are not necessarily secure. The Royal
Bank of Scotland plc does not accept responsibility for
changes made to this message after it was sent.
Whilst all reasonable care has been taken to avoid the
transmission of viruses, it is the responsibility of the recipient to
ensure that the onward transmission, opening or use of this
message and any attachments will not adversely affect its
systems or data. No responsibility is accepted by The Royal
Bank of Scotland plc in this regard and the recipient should carry
out such virus and other checks as it considers appropriate.
Visit our websites at:
http://www.rbs.co.uk/CBFM
http://www.rbsmarkets.com
********************************************************************************
********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? -- Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications, users,
and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id20
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
Other related posts:
