Security Basics mailing list archives
RE: Is Citrix safe?
From: MatthewB () CallMeIT com
Date: Wed, 4 Jun 2003 14:10:15 -0400
I have run it in a very security aware environment in the past. Like anything else, you need to make sure you are up on your patches. If I remember right, in Metaframe XP there is a way to enroll client PCs so you can limit who can connect to it. Another option would be to stick a VPN in front of it.

Some hints about deploying secure applications on Citrix:

1. Most products contain a help file. Make sure you disable use of the help file in published applications or else you are giving them access to browse the local files on the server with most applications.
2. Disable the ability to connect with the Citrix Client. Only allow web connects. The client gives them too much power.
3. Only deploy applications and not a desktop. You should create different ICA files for each application rather than providing them with an application browser.
4. Disable any ability for them to browse the local server if it is possible in the application you are serving. Or be ready to make sure you replace default permissions on the 2000 Server.
5. Put the Citrix Server in a DMZ with Access Control Lists for those other servers they may need to talk to.
6. Make sure you use NFuse so that all it needs is port 80 for the Citrix Traffic.

To set it up securely you will need some time with the application you are publishing to figure out permissions as well as what other parts of the application the published application is allowed to launch.

I would also suggest you take a hard look at http://download2.citrix.com/ctxlibrary/products/pdf/Citrix_Secure_Gateway_Datasheet.pdf

Good Luck,
Matthew Bukaty
President - Call Me I.T.

-----Original Message-----
From: Jesper Sobol [mailto:jesper () sobol dk]
Sent: Wednesday, June 04, 2003 9:30 AM
To: security-basics () securityfocus com
Subject: Is Citrix safe?

As far as I know, Citrix is based on SSL which is not considered very safe, but unfortunately I don't know enough about Citrix. Could anyone please comment on the security in regards to Citrix?

- AAA
- SSL encryption
- Digital Certificates
- Man-in-middle attack

What is the general opinion, and why? I need arguments for and against Citrix, if any?

Regards,
Jesper Sobol