Can you spoof and hijack? More than likely not, in a properly configured CSG environment. Can the client be compromised? Yes. What will STA buy you at this point? Nothing. Do you use Internet Zones to control ActiveX components? If not, you should. Is ActiveX a secure/sandbox-oriented programmatic methodology? No. Is Java? Yes. Is Java an operationally effective solution? No. Limitations and lack of control with non-LPR resources. Is CSG a good solution? Absolutely. I'm not knocking it, folks! Just addressing reality.

-----Original Message-----
From: Stansel, Paul [mailto:Paul.Stansel@xxxxxxxxxxxxx]
Sent: Friday, September 06, 2002 9:27 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: CSG - Hacking

Perhaps a better phrasing of this would be "You cannot hack the data stream." Certainly you can try username/password combinations. But the Citrix servers themselves and the ICA traffic generated are impossible to attack, which is what I assumed the question was regarding.

> ----------
> From: Schneider, Samuel M. Mr (Contractor) UHD [SMTP:Samuel.Schneider@xxxxxxxxxxxxxxx]
> Reply To: thin@xxxxxxxxxxxxx
> Sent: Friday, September 06, 2002 9:24 AM
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: CSG - Hacking
>
> This is a foolish disposition. One should always be vigilant and accept that any system can be compromised. I will admit, if a CSG admin utilizes features such as client-side server certificates, RSA two-factor authentication and validated/signed client mediums, they will greatly reduce the likelihood of a breach; however, these features DO NOT eliminate the possibility of compromise. Should you worry? Only if you don't practice due diligence and competence in your architecture methodology.
>
> Sam
>
> -----Original Message-----
> From: Chris Lynch [mailto:lynch00@xxxxxxx]
> Sent: Thursday, September 05, 2002 8:12 PM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: CSG - Hacking
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Exactly. The only thing anyone could even try to do is DoS the CSG box. You CANNOT hack into the system. If you had the CSG in Relay mode, then I would say yeah. But this is not the mode you install CSG in. You have to manually specify it in a command-line switch when you execute the installation. Also, with the 1.1 version, the ticket is longer than the original release. Much harder to "crack" or guess. Also, after the ticket has been generated, it will expire after 100ms, which is the default.
>
> Let me know if you have any further questions about this,
>
> CHRIS LYNCH - MCSE, CCNA, CCA
> NETWORK ENGINEER - INFORMATION TECHNOLOGY
> NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691
> Chris.lynch@xxxxxxxxxx Tel 949.367.3406
>
> - -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Stansel, Paul
> Sent: Thursday, September 05, 2002 5:03 PM
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: CSG - Hacking
>
> Heh...you're talking about a session encrypted with 128-bit SSL. Unless they are remoting the client box, it ain't gonna happen.
>
> - -Paul
>
> > ----------
> > From: Ray.Albert@xxxxxxxxxxxxxxx [SMTP:Ray.Albert@xxxxxxxxxxxxxxx]
> > Reply To: thin@xxxxxxxxxxxxx
> > Sent: Thursday, September 05, 2002 5:16 PM
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] CSG - Hacking
> >
> > Can anyone let me know if there is a way for a user to hack a Citrix published session?
> >
> > What we are looking at is giving some of our clients access to a published application through NFUSE Classic and use CSG. This will be in the DMZ. The application will not be in the DMZ.
> >
> > Our network and security have doubts about giving someone access to an internal application.
> >
> > Anyone have any thoughts on this?
> >
> > Please help.
> >
> > Ray Albert
> > ChoicePoint Inc
> > ray.albert@xxxxxxxxxxxxxxx
> >
> > **********************************************
> > This week's sponsor 99Point9.com
> > 99Point9 helps solve your unresolved technical
> > server-based questions, issues and incidents.
> > http://www.99point9.com
> > ***********************************************
> >
> > For Archives, to Unsubscribe, Subscribe or
> > set Digest or Vacation mode use the below link.
> >
> > http://thethin.net/citrixlist.cfm
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.1
>
> iQA/AwUBPXfy3Pl56xfvzmMfEQLjywCgzlRuYupfxwB9YNdr24kkSxcHAhAAoKEX
> 8H3sbkdA0/14xa39miyrH+9T
> =mNjr
> -----END PGP SIGNATURE-----
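The thread's argument for why a gateway ticket is hard to guess rests on two properties Chris names (a long random ticket and a short expiry) plus one he implies (a ticket is redeemed once). The block below is an added illustration of that design written for this page; it is not Citrix's STA or CSG code, and the class name `TicketAuthority`, the choice to store only a hash of each ticket, and the `ttl_seconds` parameter are assumptions of this example. The demo uses a 0.1 s lifetime only to mirror the figure quoted in the thread; treat the number as a parameter, not as the product's real default.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass
class _Issued:
    session: str        # the published session the ticket stands in for
    issued_at: float    # clock reading at issue time


class FakeClock:
    """Controllable clock so expiry can be exercised without sleeping (test aid)."""

    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t


class TicketAuthority:
    """Toy one-time ticket store in the spirit of an STA (assumed design, not Citrix code).

    A ticket is an opaque random string the gateway later exchanges for the real
    session target. Guessing is impractical because the ticket is long
    (token_bytes from a CSPRNG) and lives only ttl_seconds; replay is blocked
    because a ticket is consumed on first use. Only a hash of each ticket is kept,
    so a dump of this store does not yield redeemable tickets.
    """

    def __init__(self, ttl_seconds: float, token_bytes: int = 32,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.ttl = ttl_seconds
        self.token_bytes = token_bytes
        self.clock = clock
        self._tickets: Dict[str, _Issued] = {}   # keyed by sha256(ticket)

    @staticmethod
    def _key(ticket: str) -> str:
        return hashlib.sha256(ticket.encode("utf-8")).hexdigest()

    def issue(self, session: str) -> str:
        """Mint a fresh ticket for `session` and return it to the caller."""
        ticket = secrets.token_urlsafe(self.token_bytes)
        self._tickets[self._key(ticket)] = _Issued(session, self.clock())
        return ticket

    def _purge_expired(self) -> None:
        now = self.clock()
        stale = [k for k, i in self._tickets.items() if now - i.issued_at > self.ttl]
        for k in stale:
            del self._tickets[k]

    def redeem(self, ticket: str) -> Optional[str]:
        """Return the session for a live, unused ticket and consume it; None otherwise."""
        self._purge_expired()
        issued = self._tickets.pop(self._key(ticket), None)  # one-time: gone after this
        return issued.session if issued else None

    def outstanding(self) -> int:
        """Number of tickets still redeemable (after purging expired ones)."""
        self._purge_expired()
        return len(self._tickets)


if __name__ == "__main__":
    clock = FakeClock()
    ta = TicketAuthority(ttl_seconds=0.1, clock=clock)   # constructed demo values
    t = ta.issue("app-server-1:1494")
    print("bogus ticket ->", ta.redeem("not-a-ticket"))
    print("first use    ->", ta.redeem(t))
    print("second use   ->", ta.redeem(t))
    t2 = ta.issue("app-server-2:1494")
    clock.t += 0.2                                        # let it expire
    print("after expiry ->", ta.redeem(t2))
```

The three checks in `redeem` are the ones a reviewer would look for in any ticket-exchange gateway: reject unknown values, reject anything past its lifetime, and never honour the same ticket twice. Keeping only the hash in the store is the same habit applied to session tokens at rest.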