RE: Sharing internet through Citrix (or better solution) in isolated network?

[Сергей Цапок <obilion () gmail com>]

Hi!

Here's how you can build a solution using only Microsoft's tools, no Citrix
is needed:

1) Implement Windows Terminal Services
2) Deploy Microsoft Softgrid application virtualization platform
3) Deploy IE/Opera/Firefox through Softgrid to your terminal services
clients (each application instance works in it's own virtual environment,
like a sandbox)
4) Filter internet users via ISA server based on AD Policies for better
security

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Hamid . K
Sent: Monday, November 05, 2007 4:41 PM
To: security-basics () securityfocus com
Subject: Sharing internet through Citrix (or better solution) in isolated
network?

Hi list ,

I`m preparing solution for providing internet-access to internal
users . What I`m looking for is a solution that completely isolate
internet usage and internal systems.

I`m thinking about publishing internet through Citrix based solution,
and keep everything restricted on citrix server/sessions.
But I though there must be better solutions ,as using Citrix p.server
for such case have it`s own security risks , some of them hard to
skip ! 

The good point about terminal based solution IMO is keeping user
workstation clean and (almost) isolated, as it will act like a sandbox
for running browser . 
Any comments?

As always , open-source solutions (if any) are more welcome :)




I`l like to hear your personal experiences both as user & administrator
of such service.


regards
H.K



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com