[THIN] Re: worst case scenario

  • From: Christopher Wilson <christofire@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Tue, 25 Aug 2009 16:39:13 -0500

Cool.  Those STIGs are nice.  Could be very helpful.
Regarding two factor auth, it's partly a case of concurrent users vs. total
users.  Citrix and Appsense license concurrently.  Assuming the RSA type
stuff is per seat.  Needing to do some shopping there yet.

I'll have to check into doughnut day - maybe we have that.

On Tue, Aug 25, 2009 at 3:54 PM, Steve Snyder <kwajalein@xxxxxxxxx> wrote:

> users having domain admin rights - love that. DUN w/o authentication -
> another good one.
>
> As Greg has mentioned before, look up the DISA STIGs - they have them for
> all flavors of modern Windows as well as for XenApp itself. Proceed
> carefully, implementing all of them *will* break stuff.
>
> Also, I'm baffled by the statement that two-factor auth is too expensive
> but appsense and a CAG aren't. Actually, I'm not baffled - I smell
> fertilizer.
>
> I worked in that environment once - a financial firm that hosted account
> systems for credit unions - firewalls behind firewalls behind firewalls. We
> didn't have winframe then (nor was I aware of it then) and iirc our only
> external access points were a dial-up vpn through at&t and dedicated
> circuits to the credit unions; absolutely no external access allowed in from
> the internet. Even crazier, for each and every PC internal they had 250
> rules in the firewall controlling outbound connectivity. T'was a mess, but
> every Friday was doughnut day. :)
>  On Wed, Aug 26, 2009 at 3:00 AM, Wilson, Christopher <
> CMWilson@xxxxxxxxxxxxx> wrote:
>
>>  On the security topic still…
>>
>>
>>
>> What is the worst compromise you’ve seen of a Citrix environment?   I’ve
>> never seen one personally.
>>
>>
>>
>> I remember back in the day before CSG etc, we would open 1494 from the
>> outside to our internal Citrix servers.  Citrix used to claim this wasn’t
>> much of an attack vector, but eventually we got CSG and that made it more
>> secure and easier to traverse other people’s firewalls.  I’ll stop there, I
>> know there are other measures to secure this traffic, but I’m wondering how
>> much risk are we really talking about with Citrix XenApp?  What’s the worst
>> thing you’ve ever seen?  I’m trying to get a real sense of the risk we need
>> to manage with security measures.
>>
>
>
