[THIN] Re: speaking of security nazis

  • From: Greg Reese <gareese@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Tue, 25 Aug 2009 10:04:21 -0500

SSL encryption is SSL encryption regardless of whether it comes from the CSG
or the CAG.  The CAG is a hardware appliance and has some other goodies and
toys in it.  But for proxying incoming connections to your protected Citrix
farm, the engine is the same.

The CAG will give you some endpoint policies that CSG does not.  Things
like no mapped drives if AV defs aren't current.  You could (and should)
craft a Citrix policy to deny mapped drives to external clients anyway.
Encrypt XML.  That sort of thing.

On Tue, Aug 25, 2009 at 9:45 AM, Wilson, Christopher <CMWilson@xxxxxxxxxxxxx> wrote:

>  The AppSense conversation reminds me of something else I want to bounce
> off you guys.
>
> I am working at a company now that places a high priority on security –
> perhaps more than I’m used to.  I’m planning a consolidation of several
> Citrix farms, one of which resides in a DMZ.  A small subset of business apps
> are hosted here (Office and file shares really), because it was deemed too
> great a risk to provide access to the whole internal Citrix environment.
>  The security team believes Citrix Secure Gateway with single factor
> authentication doesn’t provide enough protection from external attack and
> thus won’t point it at internal farms.  (This is foreign to me since I think
> of this as a limited VPN, and they do have VPN access.)
>
> So here’s where I’m interested in your input.  Two-factor authentication is
> not in the budget, so not an option.   Is CSG that much of a risk to merit
> this kind of concern?  Is CAG sufficiently better to mitigate some of this
> concern?  How are others doing it?  My own experience is that I’ve seen lots
> of CSG, a little CAG, and two-factor authentication primarily at larger
> companies.
>
> I want to be able to roll this DMZ farm internal, and provide the benefits
> of remote access for all apps they’ve been missing out on.  But I’ll have to
> get past the security guys first.
>
