Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: This time, how secure is Citrix?

from [Nick Owen] Network Security [Permanent Link]
Subject: RE: This time, how secure is Citrix?
Date: Sat, 20 Nov 2004 10:37:45 -0500 
Perhaps you can solve both your issues with an SSL-based VPN.  Netilla
has a paper on securing Citrix with their SSL-based VPN here:
http://www.netilla.com/downloads/WP_netilla_Citrix_Vn.pdf. I mention it
only because I have seen it, not that I have even used their product.  I
assume that many of the SSL-vpn vendors would have similar capabilities.
This should limit the exposure you have in the Citrix platform.  They
claim to re-write the Citrix download-able applet into a browser app,
which would certainly be easier on the end-user.  Perhaps their paper
will give you some other ideas.  If so, I'd like to hear them.

As with all 'client-less' VPN systems, strong authentication is
warranted.  There are too many keyloggers and too much client-side
caching to allow this kind of access with just static passwords.  All
those little PIA configuration requirements for Ipsec VPNs and dialers
at least created hassles for attackers.  People are starting to realize
that just a username and password between your network and the Internet
is an increasingly risky prospect. 

Nick Owen

--
Nick Owen
CEO
WiKID Systems, Inc.
http://www.wikidsystems.com
Two Factor Authentication, without the expense factor.
-- 




-----Original Message-----
From: Cesar Diaz [mailto:cdiaz00@gmail.com] 
Sent: Friday, November 19, 2004 11:48 AM
To: sec-basic list
Subject: This time, how secure is Citrix?


List,

I asked a question a few days ago about how secure VPN access 
is for home users on their own home PCs.  I received many 
helpful answers. 
Thank you all for that.

I also want to ask everyones opinion on how secure remote 
access through Citrix can be.

We use Citrix MetaFrame XP available through Nfuse available 
thorugh a public IP address.  The Nfuse website is secured 
with 128-bit SSL. 
Our firewall only allows port 443 to access the server 
through that IP.

The concern now isn't as much the possibility of viruses, 
worm, etc. spreading since this is not a direct connection to 
our LAN like a VPN.  The concern is that if a hacker has 
gained access to the users home computer, then they can 
access the resources on the network that the user accesses.

The idea has been floated of running a script when the user 
connects that deletes their default route to the Internet, 
then adds a route directly to our network.  This should 
theoretically remove access to their machine from the 
Internet.  We would run an exit script that reverses this so 
they get their connectivity back.

Thanks again for any advice,

Cesar Diaz
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: studying guide/book for CISSP, Danny Puckett
Next by Date:  sesecuring access to workgroup for notebooks, Davide
Previous by Thread:  Re: This time, how secure is Citrix?, richardw
Next by Thread:  RE: This time, how secure is Citrix?, Javier Otero De Alba
Indexes:  [Date] [Thread] [Top] [All Lists]