[THIN] Re: A question from my security guys about exposure

  • From: "Pardee, Michael" <MPardee@xxxxxxxx>
  • To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
  • Date: Wed, 9 Oct 2002 09:12:26 -0400

My 2 cents - Although we use our VPN a ton, we limit the ports that are
available for use.  Just DNS and the Citrix necessary ports.  This may not
protect us 100% but it will stop most viruses from coming in, I believe.

-----Original Message-----
From: george.wasgatt@xxxxxxxxxxxx [mailto:george.wasgatt@xxxxxxxxxxxx] 
Sent: Wednesday, October 09, 2002 8:43 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: A question from my security guys about exposure




I too would rate your scenario the same - less exposure via an ICA
connection rather than over a VPN.  Mostly this is because ICA uses ports
that attackers might not be familiar with.  First steps would be to firewall
all home machines connecting to your network via a broadband router and / or
a personal firewall.  Follow up by providing good virus protection software
and updating signatures often.  Treat home machines that VPN with you just
like you would machines in your internal network. 

-----Original Message-----
From: Stansel, Paul [mailto:Paul.Stansel@xxxxxxxxxxxxx]
Sent: Wednesday, October 09, 2002 8:34 AM
To: 'citrixse@xxxxxxxxxxxxxxx'; 'thin@xxxxxxxxxxxxx'
Subject: [THIN] A question from my security guys about exposure



Setup: MF XPe, Nfuse 1.7 with CSG, no SSL relay configured.  Most users only
have access to published apps, though some have desktops.  We are using a
mix of ICA web clients and full PN clients, though will be moving to 99% web
clients.

Scenario: We have an at-home worker who has a PC that is direct connected to
the Internet through a cable-modem or DSL (take your pick).  The worker has
a VPN connection to our network.  Their PC at home has been back-doored. Now
when the worker connects through the VPN, they are opening a connection to
our network for whoever back-doored them.

Now change the scenario, such that instead of a VPN connection, the worker
is connecting to us via a Citrix connection over the web.  Their PC still
has the back-door on it.  What is the equivalent exposure under this
scenario?  Can the person that controls the back-door hijack the Citrix
session somehow or gain access to the resources on the network while the
connection is active?  I am guessing the exposure is not as great since that
workstation isn't truly a node on the network as it would be under a VPN
solution, but I am curious as to what other risks may exist and how we can
safeguard against them if they exist.

Thanks,
Paul
**********************************************
This weeks sponsor 99Point9.com
99Point9 helps solve your unresolved technical
server-based questions, issues and incidents. http://www.99point9.com
***********************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm