Penetration Testing mailing list archives

Re: [PEN-TEST] Security of Citrix server to client protocol


From: Peter Van Epp <vanepp () SFU CA>
Date: Thu, 14 Sep 2000 12:03:15 -0700


Peter Van Epp wrote:

        My question is: can anyone tell me I don't even need to look because
the server-client protocol is (for instance) a full IP connection and full of
holes? Has anyone been able to compromise a client machine by breaking into
the server on Citrix?

Hi,

The Citrix client has the ability to map local file systems to a drive
on the Citrix server, by default the linux client mounts the /tmp
directory to the R drive.  If someone gains access to the server, they

        Thanks, that right there tells me that Citrix isn't worth considering
in this application (which is what I was afraid of). I guess I'll have to have
a look at the ATT VNC (? never remember the right acronym :-)) product which
I believe is open source and our NT folks are using (within SSH tunnels) to
do remote administration. All I want is a stream of keystrokes from the secure
net out and a stream of video drawing commands (and only those) allowed in
to a gateway machine which will basically pass video drawing commands to
a client side rendering engine (and only there); anything else gets tossed and
an alarm about an attack is raised. I don't want anything other than drawing commands
to the video screen coming into the network, and certainly no file sharing.
I'd be real tempted to do without an operating system, only two ethernet
drivers and a dirt simple filter program running on a PC loaded from DOS to
do the program loading.

Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
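One way to sketch the inbound half of the gateway filter described in the message above, as an added example that is not part of the thread: a whitelist over RFB (the wire protocol VNC uses) server-to-client messages that passes only framebuffer drawing data and drops everything else, including clipboard transfers and unknown message types. It assumes the Raw encoding and a 32-bit pixel format, which such a gateway would have to pin at session setup; the message type numbers are those of the published RFB specification.

```python
import struct

# RFB server-to-client message types (from the RFB specification).
FRAMEBUFFER_UPDATE = 0
SET_COLOUR_MAP_ENTRIES = 1
BELL = 2
SERVER_CUT_TEXT = 3  # clipboard text from server to client: not a drawing command

# Assumption for this example: only the Raw encoding (0) is accepted, because its
# pixel payload size follows from the rectangle geometry, so the filter can verify
# that the byte count is exactly what a drawing command should carry.
RAW_ENCODING = 0


def filter_server_message(buf: bytes, bytes_per_pixel: int = 4):
    """Classify one server-to-client RFB message held in buf.

    Returns ("allow", consumed_bytes) for a well-formed drawing message and
    ("drop", reason) for anything else, including truncated or oversized data.
    """
    if not buf:
        return ("drop", "empty message")
    mtype = buf[0]
    if mtype == FRAMEBUFFER_UPDATE:
        if len(buf) < 4:
            return ("drop", "truncated FramebufferUpdate header")
        (nrects,) = struct.unpack("!H", buf[2:4])  # byte 1 is padding
        pos = 4
        for _ in range(nrects):
            if len(buf) < pos + 12:
                return ("drop", "truncated rectangle header")
            x, y, w, h, enc = struct.unpack("!HHHHi", buf[pos:pos + 12])
            if enc != RAW_ENCODING:
                return ("drop", f"encoding {enc} not permitted by gateway policy")
            pos += 12 + w * h * bytes_per_pixel
            if len(buf) < pos:
                return ("drop", "truncated pixel data")
        return ("allow", pos)
    if mtype == SET_COLOUR_MAP_ENTRIES:
        if len(buf) < 6:
            return ("drop", "truncated SetColourMapEntries header")
        (ncolours,) = struct.unpack("!H", buf[4:6])
        need = 6 + 6 * ncolours  # three 16-bit components per colour entry
        return ("allow", need) if len(buf) >= need else ("drop", "truncated colour map")
    if mtype == BELL:
        return ("allow", 1)
    if mtype == SERVER_CUT_TEXT:
        return ("drop", "ServerCutText (clipboard) is not a drawing command")
    return ("drop", f"unknown message type {mtype}: raise alarm")
```

Anything the filter returns "drop" for would be discarded and logged as the attack alarm the message describes; the rendering side never sees it.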

