Security Basics mailing list archives

RE: Is Citrix safe?


From: "bhavani.suresh" <bhavani.suresh () adnoc-dist co ae>
Date: Sat, 7 Jun 2003 09:03:10 +0400

Hi

It all depends on your rules and policies and configurations.  If there's a
loophole in your policies or rules definition and your servers are not
properly hardened then no one is to be blamed.

We also have a CSG but I have not yet fully rolled out.  Put it in the
DMZ and allow only SSL and ICA protocol through CSG and encrypt the watch
out for any security breaches on the above protocols and keep on
updating them.


Also on top of it if you could harden the CSG according to MS then it should
be safe. It all depends on the organisation to have dedicated IS Security
group.  Otherwise maintenance of these patches is by itself a very big
headache!!  Currently I'm undergoing a big trauma because I shoulder admin
and security responsibilities.

Regards

-----Original Message-----
From: Tuttle, Jim [mailto:Jim.Tuttle () wesd org] 
Sent: Thursday, June 05, 2003 1:02 AM
To: Jesper Sobol; security-basics () securityfocus com
Subject: RE: Is Citrix safe?


Citrix is not safe. End of story.

You can implement the Citrix Secure Gateway and Transaction Authority
for added protection. Get ready to do some serious group policy work
though. The key is to secure your servers in the farm, set up the CSG,
run it all over 128-bit encryption through your SSL Nfuse gateway.

That's what I do.

Jim Tuttle
Willamette ESD
Network Security Analyst


-----Original Message-----
From: Jesper Sobol [mailto:jesper () sobol dk] 
Sent: Wednesday, June 04, 2003 6:30 AM
To: security-basics () securityfocus com
Subject: Is Citrix safe?


As far as I know, Citrix is based on SSL which is not considered very
safe, but unfortunately I don't know enough about Citrix. Could anyone
please comment on the security in regards to Citrix?

- AAA
- SSL encryption
- Digital Certificates
- Man-in-middle attack

What is the general opinion, and why? I need arguments for and against
Citrix, if any?

Regards,
Jesper Sobol


