This is a foolish disposition. One should always be vigilant and accept that any system can be compromised. I will admit, if a CSG admin utilizes features such as client side server certificates, RSA two factor authentication and validated/signed client mediums, they will greatly reduce the likelihood of a breach; however, these features DO NOT eliminate the possibility of compromise. Should you worry? Only if you don't practice due diligence and competence in your architecture methodology.

Sam

-----Original Message-----
From: Chris Lynch [mailto:lynch00@xxxxxxx]
Sent: Thursday, September 05, 2002 8:12 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG - Hacking

Exactly. The only thing anyone could even try to do is DoS the CSG box. You CANNOT hack into the system. If you had the CSG in Relay mode, then I would say yeah. But this is not the mode you install CSG in. You have to manually specify in a command-line switch when you execute the installation.

Also, with the 1.1 version, the ticket is longer than the original release. Much harder to "crack" or guess. Also, after the ticket has been generated, it will expire after 100ms, which is the default.

Let me know if you have any further questions about this,

CHRIS LYNCH - MCSE, CCNA, CCA
NETWORK ENGINEER - INFORMATION TECHNOLOGY
NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691
Chris.lynch@xxxxxxxxxx
Tel 949.367.3406

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Stansel, Paul
Sent: Thursday, September 05, 2002 5:03 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: CSG - Hacking

Heh...you're talking about a session encrypted with 128bit SSL. Unless they are remoting the client box, it ain't gonna happen.

-Paul

> ----------
> From: Ray.Albert@xxxxxxxxxxxxxxx[SMTP:Ray.Albert@xxxxxxxxxxxxxxx]
> Reply To: thin@xxxxxxxxxxxxx
> Sent: Thursday, September 05, 2002 5:16 PM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] CSG - Hacking
>
> Can anyone let me know if there is a way for a user to Hack a
> citrix published session?
>
> What we are looking at is giving some of our clients access to a
> published application through NFUSE Classic and use CSG. This
> will be in the DMZ. The application will not be in the DMZ.
>
> Our network and security have doubts about giving someone access to
> an internal application.
>
> Anyone have any thoughts on this?
>
> Please Help.
>
> Ray Albert
> ChoicePoint Inc
> ray.albert@xxxxxxxxxxxxxxx
>
> **********************************************
> This weeks sponsor 99Point9.com
> 99Point9 helps solve your unresolved technical
> server-based questions, issues and incidents.
> http://www.99point9.com
> ***********************************************
>
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link.
>
> http://thethin.net/citrixlist.cfm