You can get past the cert issue by using IPSEC. This would allow you to verify the client is a trusted client. I'm not sure how to do the virus check. Dennis > -----Original Message----- > From: thin-bounce@xxxxxxxxxxxxx > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of BRUTON, Malcolm, FM > Sent: Thursday, October 14, 2004 5:01 AM > To: 'thin@xxxxxxxxxxxxx' > Subject: [THIN] Re: 2003 > > This is an interesting thread. Something that we are looking > at but our > security guys are not so keen on CSG. We need something like > a local cert > so that only a trusted machine can use CSG. We also need to > know that the > machine has say a virus product and possibly a firewall > running before they > can use CSG. Security guys reasons are that there could be a > screen scraper > or keyboard logger pulling vital information. I mean CSG is > more secure > than most solutions but if the machine that you are connecting from is > compromised it could still spell problems. Has anybody got > any ideas how to > get round this? i.e. only allow CSG from company supplied > laptops rather > than from say an Internet café. How we can run it with > workstation certs > and server certs and know that virus protection is running. > Our security > guys lean towards SLL/VPN's because you can look for local certs virus > protection etc before establishing the connection and in > theory know that > the machine is safe before allowing a connection. > > Thoughts? > > Malcolm > > -----Original Message----- > From: thin-bounce@xxxxxxxxxxxxx > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf > Of Alexander Danilychev > Sent: 13 October 2004 18:41 > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: 2003 > > One of CSG advantages is the SSL protection from "man in the middle" > attacks. However, to realize full SSL potential both server > and client > should have private certificates - not just the server (which > is the case in > > 99% of cases - server has private cert and client has access > to server's > public cert). Unfortunately this is hard to achieve with > outside users where > > connection security is the most vulnerable. > > Regarding "pure" ICA versus RDP - Citrix is relying on Microsoft's > encryption providers/technology (certainly on Windows) and > thus it is hard to expect any advantages of ICA over RDP. > > ALEX > > >From: "Jeff Pitsch" <jpitsch@xxxxxxx> > >Reply-To: thin@xxxxxxxxxxxxx > >To: <thin@xxxxxxxxxxxxx> > >Subject: [THIN] Re: 2003 > >Date: Wed, 13 Oct 2004 11:48:25 -0400 > > > >While both have encryption you can turn on, I would say with CSG your > >stream is more secure. > > > >Jeff Pitsch > > > >-----Original Message----- > >From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On > >Behalf Of Bill Beckett > >Sent: Wednesday, October 13, 2004 11:35 AM > >To: 'thin@xxxxxxxxxxxxx' > >Subject: [THIN] 2003 > > > >Back to the 2003 RDP vs Citrix ICA debate. If accessing > published apps > >or > >desktops across the WAN, isn't ICA more secure or I should > say can't you > >make ICA more secure with Secure Gateway? Or is that not an accurate > >assessment? > > > >******************************************************** > >This Weeks Sponsor RTO Software > >Do you know which applications are abusing your CPU and memory? > >Would you like to learn? -- Free for a limited time! > >Get the RTO Performance Analyzer to quickly learn the > applications, users, > >and time of day possible problems exist. > >http://www.rtosoft.com/enter.asp?id20 > >********************************************************** > >Useful Thin Client Computing Links are available at: > >http://thin.net/links.cfm > >*********************************************************** > >For Archives, to Unsubscribe, Subscribe or > >set Digest or Vacation mode use the below link: > >http://thin.net/citrixlist.cfm > > > ******************************************************** > This Weeks Sponsor RTO Software > Do you know which applications are abusing your CPU and memory? > Would you like to learn? -- Free for a limited time! > Get the RTO Performance Analyzer to quickly learn the > applications, users, > and time of day possible problems exist. > http://www.rtosoft.com/enter.asp?id=320 > ********************************************************** > Useful Thin Client Computing Links are available at: > http://thin.net/links.cfm > *********************************************************** > For Archives, to Unsubscribe, Subscribe or > set Digest or Vacation mode use the below link: > http://thin.net/citrixlist.cfm > > > ************************************************************** > ********************* > The Royal Bank of Scotland plc. Registered in Scotland No > 90312. Registered Office: 36 St Andrew Square, > Edinburgh EH2 2YB. > Authorised and regulated by the Financial Services Authority > > This e-mail message is confidential and for use by the > addressee only. If the message is received by > anyone other > than the addressee, please return the message to the sender > by replying to it and then delete the message from your > computer. Internet e-mails are not necessarily > secure. The Royal Bank of Scotland plc does not > accept responsibility for > changes made to this message after it was sent. > > > > Whilst all reasonable care has been taken to avoid the > > transmission of viruses, it is the responsibility of the > recipient to > ensure that the onward transmission, opening or use of this > > message and any attachments will not adversely affect its > > systems or data. No responsibility is accepted by The Royal > > Bank of Scotland plc in this regard and the recipient should carry > out such virus and other checks as it considers appropriate. > > > Visit our > websites at: > > http://www.rbs.co.uk/CBFM > > http://www.rbsmarkets.com > > > > ************************************************************** > ****************** > > ******************************************************** > This Weeks Sponsor RTO Software > Do you know which applications are abusing your CPU and memory? > Would you like to learn? -- Free for a limited time! > Get the RTO Performance Analyzer to quickly learn the > applications, users, > and time of day possible problems exist. > http://www.rtosoft.com/enter.asp?id20 > ********************************************************** > Useful Thin Client Computing Links are available at: > http://thin.net/links.cfm > *********************************************************** > For Archives, to Unsubscribe, Subscribe or > set Digest or Vacation mode use the below link: > http://thin.net/citrixlist.cfm > ******************************************************** This Weeks Sponsor RTO Software Do you know which applications are abusing your CPU and memory? Would you like to learn? -- Free for a limited time! Get the RTO Performance Analyzer to quickly learn the applications, users, and time of day possible problems exist. http://www.rtosoft.com/enter.asp?id20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm