If they can hack SSL encryption let them give it a shot :-). The real vulnerability comes from the IIS boxes that host the CSG and NFuse service. Which if the DMZ is configured right and the security guy can secure an IIS box should limit the threat.

There are things you can do to poll for published apps and whatnot on Citrix servers BUT with the CSG those servers are hidden with no public IP address. The CSG was built to secure internal apps and servers. SEVERAL white papers are out about CSG 1.1 and how it works. Send them to the security guys.

I'm not saying it's impossible to hack, nothing is. But we set one up and let a security team bang on it for 2 weeks. Nothing. The only thing they could really do was a DoS attack, which can happen to any server exposed to the internet.

Ron Oglesby
Senior Technical Architect

RapidApp
Office 312.372.7188
Mobile 312.961.2380
email roglesby@xxxxxxxxxxxx

-----Original Message-----
From: Ray.Albert@xxxxxxxxxxxxxxx [mailto:Ray.Albert@xxxxxxxxxxxxxxx]
Sent: Thursday, September 05, 2002 4:16 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] CSG - Hacking

Can anyone let me know if there is a way for a user to hack a Citrix published session? What we are looking at is giving some of our clients access to a published application through NFUSE Classic and use CSG. This will be in the DMZ. The application will not be in the DMZ. Our network and security have doubts about giving someone access to an internal application. Anyone have any thoughts on this?

Please Help.

Ray Albert
ChoicePoint Inc
ray.albert@xxxxxxxxxxxxxxx

**********************************************
This weeks sponsor 99Point9.com
99Point9 helps solve your unresolved technical server-based questions, issues and incidents.
http://www.99point9.com
***********************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm