RE: RE: Citrix Traffic

["Lariviere, Stephen G" <Stephen.Lariviere () CITIZENSBANK com>]

Encryption can be enforced at various levels; i.e. ICA listener and/or
server and/or published app.




-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of lewise () isotrak com
Sent: Tuesday, June 19, 2007 5:40 AM
To: security-basics () securityfocus com
Subject: Re: RE: Citrix Traffic

Encryption is optional at Presentation Server install stages. The test
lab in question has encryption "off".



I think dsniff will collect user id's and passwords from this traffic.
-----------------------------------------
Use of email is inherently insecure. Confidential information,
including account information, and personally identifiable
information, should not be transmitted via email, or email
attachment.  In no event shall Citizens or any of its affiliates
accept any responsibility for the loss, use or misuse of any
information including confidential information, which is sent to
Citizens or its affiliates via email, or email attachment. Citizens
does not guarantee the accuracy of any email or email attachment,
that an email will be received by Citizens or that Citizens will
respond to any email. 
 
This email message is confidential and/or privileged. It is to be
used by the intended recipient only.  Use of the information
contained in this email by anyone other than the intended recipient
is strictly prohibited. If you have received this message in error,
please notify the sender immediately and promptly destroy any
record of this email.