[THIN] Re: CSG - Hacking

  • From: "Eugene Herman" <EHerman@xxxxxxxxxxxxx>
  • To: <lynch00@xxxxxxx>, <thin@xxxxxxxxxxxxx>
  • Date: Fri, 06 Sep 2002 13:21:05 -0400

Chris - We are having a problem communicating between the STA and CSG - have been on the phone with Citrix all morning. Basically if we turn off CSG in the Nfuse admin we can launch the apps. The first time around we got a message to the effect that there were no STAs accessible. We rebuilt the STA and the CSG and reapplied the hot fix.

Are you open for a phone call this afternoon some ideas???


Gene

>>> lynch00@xxxxxxx 09/06/02 01:12PM >>>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Exactly.  This is what I have been trying to say.  If security is a
really big concern, which it should be, then add the SecureID token
to the logon.  This is how Citrix implemented CSG and Nfuse for their
corporate users.

CHRIS LYNCH -  MCSE, CCNA, CCA
NETWORK ENGINEER - INFORMATION TECHNOLOGY
NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691
Chris.lynch@xxxxxxxxxx  Tel 949.367.3406


- -----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Ron Oglesby
Sent: Friday, September 06, 2002 9:35 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG - Hacking



To "ride the port" into the MF servers they will need a user ID and
Password.  IF you are worried about your users hacking (not
outsiders) then you have a bigger problem.

But if it is just outside hackers. The only way to use the port on
the CSG is to have signed in using a valid username and password to
the Nfuse server. If not the packets are dropped at the CSG which is
acting as a proxy.

If that is their concern, and a valid user ID and password is not
good enough then add another layer by adding secureid to the IIS
box.

Ron Oglesby
Senior Technical Architect
RapidApp
Office 312.372.7188
Mobile 312.961.2380
email roglesby@xxxxxxxxxxxx

- -----Original Message-----
From: Ray.Albert@xxxxxxxxxxxxxxx
[mailto:Ray.Albert@xxxxxxxxxxxxxxx]
Sent: Friday, September 06, 2002 10:37 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG - Hacking



Everyone thanks for the replies to this.

Let me see if I can clarify what the security people are afraid of -

The user somehow is able to hack the published application and gain
access to the Citrix Box on the inside. Is this possible?  Has anyone
seen this happen?

What we are looking at is NFuse Classic 1.7 and CSG 1.1 in the DMZ
and then a Citrix metaframe on the inside of the DMZ and only
published applications.

The security people and network people are afraid someone will be
able to somehow ride the CSG port through the firewall to the Citrix
Servers.

Ray Albert
ChoicePoint Inc
ray.albert@xxxxxxxxxxxxxxx



**********************************************
This weeks sponsor 99Point9.com
99Point9 helps solve your unresolved technical
server-based questions, issues and incidents. http://www.99point9.com
***********************************************

For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPXjh6vl56xfvzmMfEQJiRwCg30UO5CtU0icBQEooODLTaZosp04An0+5
OIHc/DGG92jp7Q6t5HB+/bTB
=rzbJ
-----END PGP SIGNATURE-----


