[THIN] Re: How can I keep people from seeing my server

  • From: "John Carver" <johncarver@xxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Wed, 21 Aug 2002 17:14:51 -0700

Before you start throwing money at this, you might just change the port
for ICA. Only running published applications is a good thing also. This
all depends on how seriously you want to address this problem. I just
thought I'd put out some quick fix ideas that don't require a budget.

John Carver
MCSE, CCEA, MCT, CCI, DAD

-MetaFrame XP Practice Exams at www.LearnCitrix.com -
 

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Chris Lynch
Sent: Wednesday, August 21, 2002 3:57 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: How can I keep people from seeing my server



 

Correct.  The only costs you will have to inherit is for the hardware
you may have to purchase and the SSL certificates for the CSG and the
Nfuse site (which are two certs).

CHRIS LYNCH -  MCSE, CCNA, CCA
NETWORK ENGINEER - INFORMATION TECHNOLOGY
NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691
Chris.lynch@xxxxxxxxxx  Tel 949.367.3406


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Hathaway
Sent: Wednesday, August 21, 2002 3:45 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: How can I keep people from seeing my server



CSG allows you to only expose port 443 for external access, as opposed
to the now well known 1494 for Citrix connections.

If you have XPe systems that you want to allow external access to, you
may very well want to take a look at Nfuse, and CSG. You can get them
without any additional costs from
https://secureportal.citrix.com/MyCitrix/cds/host.dll?page=login&action=display

HTH

J



-----Original Message-----
From: Adam_Baum@xxxxxxxxxxxxx [mailto:Adam_Baum@xxxxxxxxxxxxx]
Sent: Wednesday, August 21, 2002 3:21 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: How can I keep people from seeing my server




Yes.  No one has succeeded in logging in since they don't have a valid
account.  I wouldn't say completely exposed.  Our router filters out
all traffic except port 1494.

It's very hard for us to do VPN because too many users have too many
machines (I have 5).  We also let our external business partners in
(just a teeny bit) via MetaFrame.  We don't have the $$$ for a good
hardware VPN solution.  Also, depending on which VPN solution you use,
most of our users don't have static IP addresses.

As for CSG, I am not familiar with it but if it's connected to the
Internet, people can hack it too.


"Chris Lynch" <lynch00@xxxxxxt>
Sent by: thin-bounce@freelists.org
08/21/2002 03:12 PM
Please respond to thin

To: <thin@xxxxxxxxxxxxx>
cc:
Subject: [THIN] Re: How can I keep people from seeing my server

 

 





You mean someone is trying to login to your MF server when it is
completely exposed to the Internet?  Why don't you have CSG implemented,
or only allow access for external users through a VPN connection?  There
are many hack techniques out there that someone "could" bring your
server down, or worse gain access and steal data.

Just my humble opinion.

CHRIS LYNCH -  MCSE, CCNA, CCA
NETWORK ENGINEER - INFORMATION TECHNOLOGY
NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691
Chris.lynch@xxxxxxxxxx  Tel 949.367.3406


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Adam_Baum@xxxxxxxxxxxxx
Sent: Wednesday, August 21, 2002 2:57 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] How can I keep people from seeing my server

Hi Folks,

On a W2K  SP2,  XPe FR2 system.  I've disabled all the "respond to ICA
broadcasts" and I've unchecked all the "Create browser listener on
...".  I'm still getting invalid logons.  These don't look targeted.
More like something is broadcasting/responding.  My MF 1.8 server
doesn't do this and I can't determine what is different between them.  I
should mention that these servers are used for remote access so they are
Internet connected.

Other than the farm checkbox of responding to RAS broadcasts (won't let
me disable it), everything appears to be set up correctly.  Given that my
servers are 1 ip address away from each other, I can't see how one is
getting hit (on purpose) and not the other.

I've also made sure the router is configured the same for both ports.

Any ideas?

adam







===================================
This weeks Sponsor:
ThinPrint
- High resolution, DRIVER FREE PRINTING with no loss of quality in color.
- Removes print spooling and rendering tasks from your terminal server.
http://www.thinprint.com
===================================
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm






