[THIN] A question from my security guys about exposure

  • From: "Stansel, Paul" <Paul.Stansel@xxxxxxxxxxxxx>
  • To: "'citrixse@xxxxxxxxxxxxxxx'" <citrixse@xxxxxxxxxxxxxxx>,"'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
  • Date: Wed, 9 Oct 2002 08:34:29 -0400

Setup: MF XPe, Nfuse 1.7 with CSG, no SSL relay configured.  Most users only
have access to published apps, though some have desktops.  We are using a
mix of ICA web clients and full PN clients, though will be moving to 99% web

Scenario: We have an at-home worker who has a PC that is direct connected to
the Internet through a cable-modem or DSL (take your pick).  The worker has
a VPN connection to our network.  Their PC at home has been back-doored.
Now when the worker connects through the VPN, they are opening a connection
to our network for whoever back-doored them.

Now change the scenario, such that instead of a VPN connection, the worker
is connecting to us via a Citrix connection over the web.  Their PC still
has the back-door on it.  What is the equivelant exposure under this
scenario?  Can the person that controls the back-door hijack the Citrix
session somehow or gain access to the resources on the network while the
connection is active?  I am guessing the exposure is not as great since that
workstation isn't truly a node on the network as it would be under a VPN
solution, but I am curious as to what other risks may exist and how we can
safeguard against them if they exist.

This weeks sponsor 99Point9.com
99Point9 helps solve your unresolved technical
server-based questions, issues and incidents.

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.


Other related posts: