Chris - We are having a problem communicating between the STA and CSG - = have been on the phone with Citrix all morning. Basically if we turn off = CSG in the Nfuse admin we can launch the apps - . The first time around we = got a message - to the effect that there werw no STA's accessible. We = rebuilt the STA and the CSG and reapplied the hot fix -=20 Are you open for a phone call this afternoon some ideas??? Gene >>> lynch00@xxxxxxx 09/06/02 01:12PM >>> =20 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Exactly. This is what I have been trying to say. If security is a really big concern, which it should be, then add the SecureID token to the logon. This is how Citrix implemented CSG and Nfuse for their corporate users. CHRIS LYNCH - MCSE, CCNA, CCA NETWORK ENGINEER - INFORMATION TECHNOLOGY NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691 Chris.lynch@xxxxxxxxxx Tel 949.367.3406 - -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Ron Oglesby Sent: Friday, September 06, 2002 9:35 AM To: thin@xxxxxxxxxxxxx=20 Subject: [THIN] Re: CSG - Hacking To "ride the port" into the MF servers they will need a user ID and Password. IF you are worried about your users hacking (not outsiders) then you have a bigger problem. But if it is just outside hackers. The only way to use the port on the CSG is to have signed in using a valid username and password to the Nfuse server. If not the packets are dropped at the CSG which is acting as a proxy.=3D20 If that is their concern, and a valid user ID and password is not good enough then add another layer by adding secureid to the IIS box.=3D20 Ron Oglesby Senior Technical Architect =3D20 RapidApp Office 312.372.7188 Mobile 312.961.2380 email roglesby@xxxxxxxxxxxx=20 =3D20 - -----Original Message----- From: Ray.Albert@xxxxxxxxxxxxxxx=20 [mailto:Ray.Albert@xxxxxxxxxxxxxxx]=3D20=20 Sent: Friday, September 06, 2002 10:37 AM To: thin@xxxxxxxxxxxxx=20 Subject: [THIN] Re: CSG - Hacking Everyone thanks for the replies to this. Let me see if I can clarify what the security people are afraid of - The user somehow is able hack the published application and gain access to the Citrix Box on the inside. Is this possible? Has anyone seen this happen? What we are looking at is NFuse Classic 1.7 and CSG 1.1 in the DMZ and then a Citrix metaframe on the inside of the DMZ and only published applications. The security people and network people are afraid someone will be able to somehow ride the CSG port through the firewall to the Citrix Servers. Ray Albert ChoicePoint Inc ray.albert@xxxxxxxxxxxxxxx=20 ********************************************** This weeks sponsor 99Point9.com 99Point9 helps solve your unresolved technical server-based questions, issues and incidents. http://www.99point9.com=20 *********************************************** For Archives, to Unsubscribe, Subscribe or=3D20 set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm=20 ********************************************** This weeks sponsor 99Point9.com 99Point9 helps solve your unresolved technical server-based questions, issues and incidents. http://www.99point9.com=20 *********************************************** For Archives, to Unsubscribe, Subscribe or=20 set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm=20 -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPXjh6vl56xfvzmMfEQJiRwCg30UO5CtU0icBQEooODLTaZosp04An0+5 OIHc/DGG92jp7Q6t5HB+/bTB =3DrzbJ -----END PGP SIGNATURE----- ********************************************** This weeks sponsor 99Point9.com 99Point9 helps solve your unresolved technical server-based questions, issues and incidents. http://www.99point9.com=20 *********************************************** For Archives, to Unsubscribe, Subscribe or=20 set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm ************************************************************************* This message, together with any attachments, is intended only for the use of the individual or entity to which it is addressed. It may contain information that is confidential and prohibited from disclosure. If you are not the intended recipient, you are hereby notified that any dissemination or copying of this message or any attachment is strictly prohibited. If you have received this message in error, please notify the original sender immediately by telephone or by return e-mail and delete this message along with any attachments, from your computer. Thank you. ************************************************************************* ********************************************** This weeks sponsor 99Point9.com 99Point9 helps solve your unresolved technical server-based questions, issues and incidents. http://www.99point9.com *********************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm