Penetration Testing mailing list archives

Re: Citrix Metaframe Security Assessment

From: Berdt van der Lingen <berdtvanderlingen () gmail com>
Date: Fri, 22 Jul 2005 11:12:31 +0200

On 7/21/05, bob sengupta <bobsengupta () hotmail com> wrote:

I am looking for a security assessment technique to conduct assessment of a
Citrix Implementation. I do have a benchmark to check Citrix configurations.
However, the problem is not having access to the actual devices to be able
to assess security. Is there a way to export configuration settings from all
Citrix components and be able to get configuration settings to review? The
component breakdown is as follows:

Citrix Secure Ticketing Authority
Citrix/Nfuse Classic server
Citrix Secure Gateway


I think you would need the following information to:

- ICA protocol encryption level
- Citrix Policy's
- Shadowing settings

and things like: are users allowed to download software form the
internet, are they allowed to run non-authorised software from
locations like a local disk or homedirectory

--
regards,

Berdt van der Lingen

http://hire.berdt.nl

Current thread:

Citrix Metaframe Security Assessment bob sengupta (Jul 21)
- Re: Citrix Metaframe Security Assessment Compuoso (Jul 21)
- Re: Citrix Metaframe Security Assessment Berdt van der Lingen (Jul 22)