re: Sharing internet through Citrix (or better solution) in isolated network?

["Hamid . K" <h.kashfi () yahoo com>]

Hi

thanks for your replay . 
I`ve not been familiar with SoftGrid , thanks for pointing it out.
I`m going to evaluate it in few hours , but have few questions in mind
 about it :

How the session management works ? 
for example , will every single user have his own set of customizations
 on browser , 
and be able to keep it on every login ?

what if a user get infected ?
will infection affect other users on same server ? 
Will the infection stay after user open new sessions , or everything
 will be 
cleaned-up after closing session , and we`ll have a fresh new session
 every
login ?

Is it possible to limit TS  session to only publish specific shared
 application
( IE for example ) and filter out everything else ,including windoes
 explorer... ? 
right like what we see in Citrix. 

from security point of view , which solution you recommend more safe ?
softGrid or Citrix ? ( considering their capabilities to harden
 sessions )


best regards
Hamid Kashfi

----- Original Message ----
From: Сергей Цапок <obilion () gmail com>
To: Hamid . K <elite_netbios () yahoo com>
Cc: security-basics () securityfocus com
Sent: Tuesday, November 6, 2007 12:27:17 AM
Subject: RE: Sharing internet through Citrix (or better solution) in
 isolated network?


Hi!

Here's how you can build a solution using only Microsoft's tools, no
 Citrix
is needed:

1) Implement Windows Terminal Services
2) Deploy Microsoft Softgrid application virtualization platform
3) Deploy IE/Opera/Firefox through Softgrid to your terminal services
clients (each application instance works in it's own virtual
 environment,
like a sandbox)
4) Filter internet users via ISA server based on AD Policies for better
security

-----Original Message-----
From: listbounce () securityfocus com
 [mailto:listbounce () securityfocus com] On
Behalf Of Hamid . K
Sent: Monday, November 05, 2007 4:41 PM
To: security-basics () securityfocus com
Subject: Sharing internet through Citrix (or better solution) in
 isolated
network?

Hi list ,

I`m preparing solution for providing internet-access to internal
users . What I`m looking for is a solution that completely isolate
internet usage and internal systems.

I`m thinking about publishing internet through Citrix based solution,
and keep everything restricted on citrix server/sessions.
But I though there must be better solutions ,as using Citrix p.server
for such case have it`s own security risks , some of them hard to
skip ! 

The good point about terminal based solution IMO is keeping user
workstation clean and (almost) isolated, as it will act like a sandbox
for running browser . 
Any comments?

As always , open-source solutions (if any) are more welcome :)




I`l like to hear your personal experiences both as user & administrator
of such service.


regards
H.K



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 





__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com




__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com