Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Citrix Metaframe Security Assessment

from [Berdt van der Lingen] Network Security [Permanent Link]
Subject: Re: Citrix Metaframe Security Assessment
Date: Fri, 22 Jul 2005 11:12:31 +0200 
On 7/21/05, bob sengupta <bobsengupta@hotmail.com> wrote:

I am looking for a security assessment technique to conduct assessment of a
Citrix Implementation. I do have a benchmark to check Citrix configurations.
However, the problem is not having access to the actual devices to be able
to assess security. Is there a way to export configuration settings from all
Citrix components and be able to get configuration settings to review? The
component breakdown is as follows:

Citrix Secure Ticketing Authority
Citrix/Nfuse Classic server
Citrix Secure Gateway


I think you would need the following information to:

- ICA protocol encryption level
- Citrix Policy's
- Shadowing settings

and things like: are users allowed to download software form the
internet, are they allowed to run non-authorised software from
locations like a local disk or homedirectory

--
regards,

Berdt van der Lingen

http://hire.berdt.nl
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Windows NT shellcode needed, Mike Klingler
Next by Date:  Siebel Vulnerabilities, Scott Roberts
Previous by Thread:  Re: Citrix Metaframe Security Assessment, Compuoso
Next by Thread:  verify HTTPS 'vulnerabilities', Dan Rogers
Indexes:  [Date] [Thread] [Top] [All Lists]