-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 13, 2000 1:09 PM
>
> If the Windows TSE box is configured and secured properly
> after the Citrix
> MetaFrame Server is successfully installed, it is not as
> vulnerable as one
> would suspect.
Keep in mind that you don't have to go to extremes with Citrix like
you have to do with, say, web servers, unless you rent Apps on that
box to the public (as in ASP). Public web servers are accessible by
everyone. Citrix by default is too since anyone can use the Citrix
client, connect to the server and start guessing usernames and
passwords. However, if to restrict the access on the protocol level
with tokens (two factor authentication devices, OTP's and whatever
other acronym there is for it), you only have to maintain the same
level of security that you require on your server inside your
network. Users will need to authenticate with the tokens in order to
get through the firewall or tunnel before their packets actually hit
the Citrix box, which weeds out folks on the Internet that don't have
a token and the access it authorizes.
There is still security work that one needs to do, such as securing
user profile directories, setting decent Advanced User Rights, etc.
However, if you can restrict ICA protocol access to only trusted
individuals (read your users, trusted to some extent at least :), you
don't have to fight such a huge battle.
Does that sounds confusing?
Regards,
Frank
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME (X.509) encrypted email preferred.
iQA/AwUBOW41WURKym0LjhFcEQLbwACggsNqzI0GnxsiOesDdOlZRQC3XIcAoP0o
EXcN/ymItlLXSp19uYM8GEUo
=vyPZ
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
