[THIN] Re: Citrix servers and Antivirus software
- From: "Greg Yorke (V)" <GYorke@xxxxxxxxxxxxx>
- To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
- Date: Fri, 30 Aug 2002 11:58:36 -0700
If you have the capability to lock down and standardize your environment,
the Citrix servers should be fine. The file server did have anti-virus on
it, that is why we were caught with our pants down. It was during that whole
Klez fiasco that we were caught. Go figure. It came in through a share that
was left open to the world on the file server. Let me tell you, some people
got in a bit of trouble for that one.
With all that said, I do agree that Citrix servers shouldn't need
anti-virus, but it seems that it is a necessary evil, and it isn't worth the
risk to the Corporation.
G.
-----Original Message-----
From: Jeff Stockard [mailto:JStockard@xxxxxxxxxxxxxxx]
Sent: August 30, 2002 11:16 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Citrix servers and Antivirus software
No, you are correct about protecting the Citrix server (and I suppose =
about the country thing). We do not publish IE on our Citrix server for =
just that reason. We use a seamless application, so they have to use =
their own PC to access outside files.
However, you said your Citrix server should have stopped the virus. If =
your file server had virus protection, and presuming you use the same =
anti-virus software company wide (as most people do), if your file =
server did not stop the virus, the Citrix server (running the same brand =
Anti-virus software with the same virus definitions) would not stop the =
virus.
That is why we run one brand of Anti-virus software on the server that =
connects us to the world, and another on all servers (except the Citrix) =
and all client PC's. This still leaves the door open, so we block =
attachments for review by the IT department. The original question was =
"if I am not connecting to any outside source, and Citrix does not like =
most AV software and all my clients and other servers have AV software, =
do I need AV software on my Citrix server".
-----Original Message-----
From: Greg Yorke (V) [mailto:GYorke@xxxxxxxxxxxxx]=20
Sent: Friday, August 30, 2002 2:03 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: Citrix servers and Antivirus software
Not to get into a big political discussion, but what does foreign policy
have anything to do with it. Do you really think you would be safer in
Switzerland than in other countries from viruses? The discussion was, =
why
should you need anti-virus on a Citrix machine when it is locked down.
Theoretically the Citrix server should only be putting screens out. But =
as
soon as you start deploying IE over Citrix and other such apps like =
Outlook,
you are vulnerable.=20
I used to think that if your environment is locked down correctly, all
viruses should be caught before they even get to your Citrix servers. =
And
it's not like the Citrix servers are being used as file servers. Then I =
got
caught. The infection actually came through user profiles. The odd thing =
is
we don't even use roaming profiles. It just found it's way in. With over
2000 users, it is hard to stop infections. It infected one Citrix server =
and
went from there. Granted the Citrix server wasn't the first server to be
infected. In fact it was infected by a background file server. Still, =
the
Citrix server would have stopped it there. Basically, would you deploy
desktops with out antivirus on them. Even if they were locked down
correctly.
Just a thought,
G.
-----Original Message-----
From: Allan Stephens [mailto:algs@xxxxxxxxxxxxxx]
Sent: August 30, 2002 9:37 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Citrix servers and Antivirus software
Here's a thought:
Countries with a non-interventionist foreign policy get hacked less
frequently
Devils's Advocate.
----- Original Message -----
From: "Nail, Larry" <lnail@xxxxxx>
To: <thin@xxxxxxxxxxxxx>
Sent: Saturday, August 31, 2002 12:00 AM
Subject: [THIN] Re: Citrix servers and Antivirus software
>
> Nope, I'm not worried about getting fired... My systems are locked =
down
> pretty hard and AV protected. I was trying to convey the fact that =
admins
> need to take this seriously... Like the other message I saw in this
thread,
> WTS is a client of other servers too, so it can infect other systems =
as
> well.
>
> I perfectly understand the slacker part and I abhor working with =
people
who
> are... I have no tolerance for that..
>
> Good luck at retirement... If you love this stuff, you'll be back =
doing it
> someplace else with less stress!
>
> Larry
>
> -----Original Message-----
> From: Warner, Kathleen [mailto:kwarner@xxxxxxxxxxxx]
> Sent: Thursday, August 29, 2002 5:38 PM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Citrix servers and Antivirus software
>
>
>
>
> -----Original Message-----
> From: Nail, Larry [mailto:lnail@xxxxxx]=3D20
>
> >Trend isn't all that demanding cpu & memory wise... My view, better
> safe than looking for a job.
>
> You actually worry about losing your job over getting hacked? Well,
you're
> working at the wrong place then. You should come work here. Let =
machines
> (this includes both servers and workstations) get hacked here and =
you'll
get
> promoted after spending 2-3 days rebuilding the infected machines from
> scratch. Another important point is to make sure you don't learn your
> lesson and let it happen again by yet again failing to install patches
that
> have been out for months and that could have protected your machines.
Keep
> your machines patched and protected and you'll get ignored and then
brushed
> off and told that you just "got lucky" even when you have tons of logs
> showing that the miscreants who succeeded with hacking the machines =
that
> weren't under your responsibility umbrella were the same miscreants
thwarted
> on your machines. I've been "getting lucky" for nearly 5.5 years now,
> problem is I just don't have it in me to be a slacker so I guess I'm =
just
> not ever going to be promotion material here. The only reason I'm not =
out
> looking for a new job (besides the economy problems) is that =
fortunately
for
> me, I'm "retiring" soon. /end rant
>
> I loved Ray's comments about riding a horse to work and motorcyle =
jumping
> the Grand Canyon, ROFL. I'm going to use that "do you ride a horse to
> work?" with one of my friends who still insists on using Win98 and =
says
the
> same thing, if it ain't broke, don't fix it. Nevermind that the =
machine
is
> like a big blinking neon sign inviting hackers in when they are on the
> internet...
>
>
>
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> This weeks Sponsor:
> ThinPrint
> - High resolution, DRIVER FREE PRINTING with no loss of quality in =
color.
> - Removes print spooling and rendering tasks from your terminal =
server.
> http://www.thinprint.com =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link.
>
> http://thethin.net/citrixlist.cfm
>
>
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> This weeks Sponsor:
> ThinPrint
> - High resolution, DRIVER FREE PRINTING with no loss of quality in =
color.
> - Removes print spooling and rendering tasks from your terminal =
server.
> http://www.thinprint.com
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link.
>
> http://thethin.net/citrixlist.cfm
>
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
This weeks Sponsor:
ThinPrint
- High resolution, DRIVER FREE PRINTING with no loss of quality in =
color.
- Removes print spooling and rendering tasks from your terminal server.
http://www.thinprint.com
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
This weeks Sponsor:
ThinPrint
- High resolution, DRIVER FREE PRINTING with no loss of quality in =
color.
- Removes print spooling and rendering tasks from your terminal server.
http://www.thinprint.com
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm
===================================
This weeks Sponsor:
ThinPrint
- High resolution, DRIVER FREE PRINTING with no loss of quality in color.
- Removes print spooling and rendering tasks from your terminal server.
http://www.thinprint.com
===================================
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm
===================================
This weeks Sponsor:
ThinPrint
- High resolution, DRIVER FREE PRINTING with no loss of quality in color.
- Removes print spooling and rendering tasks from your terminal server.
http://www.thinprint.com
===================================
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm
Other related posts:
