Seeing as you are only worried about http/https/ftp...

Suggest you install MS Proxy Server (or CSM proxy) and point all users on TS
to go via it.

On MSP you can allow only certain NT groups or people access to each
protocol.
The logs out of MSP also log the username.
The authentication is transparent (no more entering passwords).

hth
deanc

-----Original Message-----
From: Field, Lee [mailto:[EMAIL PROTECTED]]
Sent: Monday, 12 June 2000 10:34 PM
To: '[EMAIL PROTECTED]'
Subject: [FW1] PERSONAL: Citrix Issues....



We have an interesting issue and I wonder if anybody has come across this
before.
We are just about to roll out Citrix Metaframe to ~30 users most of whom
have internet access. 
Before using the internet they have to authenticate using Client
Authentication.  When we move over to Metaframe all users will authenticate
back to the same IP.  So if I authenticate and my rules are allocated and
then Joe Bloggs connects to the same server he does not need to authenticate
because I already am.  This means I cannot prove who did what, effectively
bypassing all the security currently in place.
 
My thinking is that we do not allow users to access IE from the Terminal
Server and deny any access from the server on the FW.  They can then run
from local versions of IE and authenticate from there.  Next problem is...
in their rush to move over to this they want to use Compaq T1000 thin
clients which run Win CE :( with no local install of IE.
 
Has anyone else had to deal with something similar to this?
 
Thanks
 
Lee Field
Security Systems Administrator
**************************************************************************
 From Swiss Life (UK) plc

        The views expressed in this email are personal and may not reflect
        those of Swiss Life, unless explicitly stated otherwise.  If you 
        have any concerns about the inappropriate use of this account, 
        please email [EMAIL PROTECTED]
***************************************************************************



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
***************************************************
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***************************************************
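
The attribution gap discussed in this thread, as an added example that is not part of either message: authentication state keyed by source IP credits every request from a shared terminal server to whoever authenticated first, while a per-user proxy log names the actual user. All users, addresses, times and record layouts are constructed assumptions and do not reproduce real FireWall-1 or MS Proxy log formats.

```python
# Constructed sample data (not from the thread). Times are minutes from 0.
SESSIONS = [  # (user, source_ip, login, logout): interactive sessions per host
    ("lee",  "10.0.0.50", 0, 120),   # shared terminal server
    ("joe",  "10.0.0.50", 30, 90),   # second user on the same server
    ("anna", "10.0.0.77", 10, 60),   # ordinary single-user workstation
]
FW_AUTH = [  # (user, source_ip, start, end): IP-keyed client authentication
    ("lee",  "10.0.0.50", 5, 65),
    ("anna", "10.0.0.77", 12, 60),
]
FW_LOG = [("10.0.0.50", 20), ("10.0.0.50", 45), ("10.0.0.77", 40)]  # (ip, minute)
PROXY_LOG = [("lee", "10.0.0.50", 20), ("joe", "10.0.0.50", 45)]   # (user, ip, minute)


def users_on_ip(ip, minute):
    """Everyone with an open session on that host at that time."""
    return sorted(u for u, sip, start, end in SESSIONS
                  if sip == ip and start <= minute < end)


def attribute_by_ip(ip, minute):
    """What an IP-keyed auth table can say about one firewall log entry."""
    authed = [u for u, aip, start, end in FW_AUTH
              if aip == ip and start <= minute < end]
    return {"credited_to": authed[0] if authed else None,
            "could_be": users_on_ip(ip, minute)}


def ambiguous_entries():
    """Firewall log entries that more than one logged-in user could have caused."""
    return [(ip, minute) for ip, minute in FW_LOG
            if len(users_on_ip(ip, minute)) > 1]


def attribute_by_proxy(ip, minute):
    """Per-user proxy log: the authenticated username travels with the request."""
    return [u for u, pip, m in PROXY_LOG if pip == ip and m == minute]


if __name__ == "__main__":
    for ip, minute in ambiguous_entries():
        print(ip, minute, attribute_by_ip(ip, minute), attribute_by_proxy(ip, minute))
```
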

