[THIN] Re: Port/box Security

  • From: "Chris Lynch" <lynch00@xxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 20 May 2004 09:01:09 -0700

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The cost of hardware is negligible once someone high up understands
the security implications.  Also, these two services can run on the
same server, and don't require much (PIV with 512MB of RAM would be
sufficient for almost 1000 connections).

And, notice that I said "WI AND SG".  I would never recommend running
just WI, unless it was for internal users only.  Exposing the ICA
port to the Internet is just asking for trouble.  Especially if you
are also wanting Program Neighborhood access (either XML or
1604/UDP).

Chris

> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx 
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Rogers
> Sent: Thursday, May 20, 2004 8:33 AM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Port/box Security
> 
> Cost of hardware? :)
> 
> And unless I've missed something in my (extremely) brief
> reading, but WI on its own still needs the Citrix port open
> to the net? I get the impression there's a few on this list
> with just WI, no CSG?
> 
> Andrew
> --o--
> 
> >>> lynch00@xxxxxxx 20/05/04 16:11:54 >>>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Agreed.  Why would you NOT run WI and SG to provide user 
> access to your farm (for both Internal and External users)?  
> Having the Windows GINA displayed via the ICA protocol isn't 
> very security conscious.
> 
> Chris
>
> > -----Original Message-----
> > From: thin-bounce@xxxxxxxxxxxxx
> > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Paul DeHaan
> > Sent: Thursday, May 20, 2004 7:39 AM
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] Re: Port/box Security
> >
> > Look at all the latest remotely exploitable security issues and
> > worms.  That should be enough to convince you to at least have
> > a perimeter around your production environment.  Search the web;
> > there are countless articles talking about this.
> >
> > >>> Andrew.Rogers@xxxxxxxxxxxxxxxxxx 05/20/04 09:33AM >>>
> > For those that don't have some sort of intermediary between the
> > internet and their Citrix boxes, do you allow direct access from
> > the internet?
> > Can anyone give any reasoned arguments as to why the servers
> > shouldn't be direct on the internet? (only the ICA port
> > redirected from the firewall to the server)  Is there anything
> > else to avoid this, other than CSG/VPNs?
> >
> > Andrew
> > --o--
> >
> > ********************************************************
> > This Week's Sponsor - Tarantella Secure Global Desktop
> > Tarantella Secure Global Desktop Terminal Server Edition
> > Free Terminal Service Edition software with 2 years maintenance.
> > http://www.tarantella.com/ttba
> > **********************************************************
> > Useful Thin Client Computing Links are available at:
> > http://thin.net/links.cfm
> > ***********************************************************
> > For Archives, to Unsubscribe, Subscribe or set Digest or
> > Vacation mode use the below link:
> > http://thin.net/citrixlist.cfm
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.3
> Comment: Public PGP Key for Chris Lynch
> 
> iQA/AwUBQKzKuW9fg+xq5T3MEQKsmgCgwi8W6Z0gUMupYIAT1YaGMOmuFgwAoKXK
> bdw7n/CctZ/HNuLSTbYVm+2T
> =SMaH
> -----END PGP SIGNATURE-----
> 

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
Comment: Public PGP Key for Chris Lynch

iQA/AwUBQKzWRG9fg+xq5T3MEQJ8qQCeMgcNIc4WQZKgN8bbqpEtRV4FkbwAn33w
vx2ojky9NhmfKuC+TKRyTxs0
=7Es6
-----END PGP SIGNATURE-----

