While I completely agree with you in theory, in practice this has never caused us a problem. I've suggested to my clients that it may be a matter of time before this port gets exploited, to date we've had 0 issues and have been running this way for years. Can anyone provide concrete reasons not to expose 1494 to the internet? PS - Don't jump all over me here, I'm all in favor of exposing as little as possible to the net... I just need more ammo to convince those with the purse strings. - Bob Coffman -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf Of Chris Lynch Sent: Thursday, May 20, 2004 12:01 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Port/box Security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The cost of hardware is negligible once someone high up understands the security implications. Also, these two services can run on the same server, and don't require much (PIV with 512MB of RAM would be sufficient for almost 1000 connections). And, notice that I said "WI AND SG". I would never recommend running just WI, unless it was for internal users only. Exposing the ICA port to the Internet is just asking for trouble. Especially if you are also wanting Program Neighborhood access (either XML or 1604/UDP). Chris ******************************************************** This Week's Sponsor - Tarantella Secure Global Desktop Tarantella Secure Global Desktop Terminal Server Edition Free Terminal Service Edition software with 2 years maintenance. http://www.tarantella.com/ttba ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm