[THIN] Re: Port/box Security

  • From: "Chris Lynch" <lynch00@xxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 20 May 2004 11:50:55 -0700

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

To say that you have never experienced this doesn't mean that it
doesn't happen.  Just do a search on http://neworder.box.sk for
CITRIX or ICA and you will find a few exploits/hacks.  Can you say
for sure that no one has EVER attempted to log into your systems?  If
I did a port scan on your external IP range and saw that 1494 was
open, or 3389, or if my port scanner attempted a telnet to that port
to see if any banner was presented for the service and I got the ^ICA
prompt, I would know that I need the ICA client to connect to that IP
address.  Bam.  I have a logon prompt.  I can then try to use a
dictionary attack to guess usernames and passwords.  OR, if
you have the XML service open to the internet or the ICA Browser
service (1604/UDP), all I would need to do is capture or attempt to
redirect (hijack) the TCP/UDP connection to my machine.  I could then
attempt to crack the password.

Again, there is a lot of "attempting" here.  I would rather be safe
knowing that I had SG in place or a VPN in place that is securing the
communications.  Also, what's to say that I cannot get the source of
the connection, and break into that machine?  How many users out
there have firewalls in place?  Not many.  With Windows XP SP2, the
firewall will be enabled by default.  That's a good thing.  We will
see how robust that firewall is.  That's also for another discussion.

Chris 

> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx 
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Robert K 
> Coffman Jr - Info From Data Corporation
> Sent: Thursday, May 20, 2004 11:38 AM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Port/box Security
> 
> While I completely agree with you in theory, in practice this 
> has never caused us a problem.  I've suggested to my clients 
> that it may be a matter of time before this port gets 
> exploited; to date we've had 0 issues and have been running 
> this way for years.
> 
> Can anyone provide concrete reasons not to expose 1494 to the 
> internet?
> 
> PS - Don't jump all over me here, I'm all in favor of 
> exposing as little as possible to the net...  I just need 
> more ammo to convince those with the purse strings.
> 
> - Bob Coffman
> 
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf Of Chris Lynch
> Sent: Thursday, May 20, 2004 12:01 PM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Port/box Security
> 
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> The cost of hardware is negligible once someone high up 
> understands the security implications.  Also, these two 
> services can run on the same server, and don't require much 
> (PIV with 512MB of RAM would be sufficient for almost 1000 
> connections).
> 
> And, notice that I said "WI AND SG".  I would never recommend 
> running just WI, unless it was for internal users only.  
> Exposing the ICA port to the Internet is just asking for 
> trouble.  Especially if you are also wanting Program 
> Neighborhood access (either XML or 1604/UDP).
> 
> Chris
> 

