This is an interesting thread. Something that we are looking at, but our security guys are not so keen on CSG. We need something like a local cert so that only a trusted machine can use CSG. We also need to know that the machine has, say, a virus product and possibly a firewall running before they can use CSG. Security guys' reasons are that there could be a screen scraper or keyboard logger pulling vital information. I mean CSG is more secure than most solutions, but if the machine that you are connecting from is compromised it could still spell problems.

Has anybody got any ideas how to get round this? i.e. only allow CSG from company-supplied laptops rather than from, say, an Internet café. How we can run it with workstation certs and server certs and know that virus protection is running.

Our security guys lean towards SSL/VPNs because you can look for local certs, virus protection, etc. before establishing the connection and in theory know that the machine is safe before allowing a connection.

Thoughts?

Malcolm

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Alexander Danilychev
Sent: 13 October 2004 18:41
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: 2003

One of CSG's advantages is the SSL protection from "man in the middle" attacks. However, to realize full SSL potential both server and client should have private certificates - not just the server (which is the case in 99% of cases - server has private cert and client has access to server's public cert). Unfortunately this is hard to achieve with outside users where connection security is the most vulnerable.

Regarding "pure" ICA versus RDP - Citrix is relying on Microsoft's encryption providers/technology (certainly on Windows) and thus it is hard to expect any advantages of ICA over RDP.
ALEX

>From: "Jeff Pitsch" <jpitsch@xxxxxxx>
>Reply-To: thin@xxxxxxxxxxxxx
>To: <thin@xxxxxxxxxxxxx>
>Subject: [THIN] Re: 2003
>Date: Wed, 13 Oct 2004 11:48:25 -0400
>
>While both have encryption you can turn on, I would say with CSG your
>stream is more secure.
>
>Jeff Pitsch
>
>-----Original Message-----
>From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
>Behalf Of Bill Beckett
>Sent: Wednesday, October 13, 2004 11:35 AM
>To: 'thin@xxxxxxxxxxxxx'
>Subject: [THIN] 2003
>
>Back to the 2003 RDP vs Citrix ICA debate. If accessing published apps or
>desktops across the WAN, isn't ICA more secure or I should say can't you
>make ICA more secure with Secure Gateway? Or is that not an accurate
>assessment?
>
>********************************************************
>This Weeks Sponsor RTO Software
>Do you know which applications are abusing your CPU and memory?
>Would you like to learn? -- Free for a limited time!
>Get the RTO Performance Analyzer to quickly learn the applications, users,
>and time of day possible problems exist.
>http://www.rtosoft.com/enter.asp?id20
>**********************************************************
>Useful Thin Client Computing Links are available at:
>http://thin.net/links.cfm
>***********************************************************
>For Archives, to Unsubscribe, Subscribe or
>set Digest or Vacation mode use the below link:
>http://thin.net/citrixlist.cfm