Security Basics mailing list archives
re: Sharing internet through Citrix (or better solution) in isolated network?
From: "Hamid . K" <h.kashfi () yahoo com>
Date: Thu, 8 Nov 2007 17:56:05 -0800 (PST)
Hi Ali, thanks for your reply. The answer looks fine, but I have a few questions about the anonymous account:

What if a session is infected by malware? Will it cause infection of the whole server? If, for example, malware is installed in a running session, will it affect other "anonymous" users? Will the malware/infection be cleaned up after the next login (something like a restore point in VMware)?

While keeping your advice for a short-time deployment, I'm looking for a long-term solution: every user has his own customized settings, like bookmarks, stored cookies, etc., and isolating users as much as possible. For example, if a user messes up his session by visiting a malware site, other users stay safe.

best regards
Hamid,kashfi

----- Original Message ----
From: "Ali, Saqib" <docbook.xml () gmail com>
To: Hamid . K <elite_netbios () yahoo com>
Cc: security-basics () securityfocus com
Sent: Monday, November 5, 2007 8:51:03 PM
Subject: Re: Sharing internet through Citrix (or better solution) in isolated network?

The best way I have found so far: Publish IE/Firefox on Citrix, and use "Anonymous Citrix users accounts". Clean Anonymous user space after logoff.

This works very well, if you don't need to track your internal user's activity on the internet i.e. you trust your internal users.

saqib
http://security-basics.blogspot.com/

On Nov 5, 2007 6:41 AM, Hamid . K <elite_netbios () yahoo com> wrote:
Hi list,

I'm preparing a solution for providing internet access to internal users. What I'm looking for is a solution that completely isolates internet usage and internal systems. I'm thinking about publishing internet through a Citrix-based solution, and keeping everything restricted on the Citrix server/sessions. But I thought there must be better solutions, as using Citrix p.server for such a case has its own security risks, some of them hard to skip! The good point about a terminal-based solution IMO is keeping the user workstation clean and (almost) isolated, as it will act like a sandbox for running the browser.

Any comments? As always, open-source solutions (if any) are more welcome :) I'd like to hear your personal experiences both as user & administrator of such a service.

regards
H.K

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net