Home page logo
/

basics logo Security Basics mailing list archives

RE: Sharing internet through Citrix (or better solution) in isolated network?
From: "Nhon Yeung" <Nhon.Yeung () cranegroup com au>
Date: Fri, 9 Nov 2007 16:26:59 +1100

You can also look at (VDI) virtual desktop infrastructure from vmware,
this will resolve your customization issues and you should also be able
to use restore-points
http://www.vmware.com/products/vdi/


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Hamid . K
Sent: Friday, 9 November 2007 12:56 PM
To: security-basics () securityfocus com
Subject: re: Sharing internet through Citrix (or better solution) in
isolated network?

Hi Ali, 

thanks for your replay .
Answer looks fine but I`ve few question about anonymous account :

What if a session is infected by malware ?
will it cause whole server infection ? 
if for example a malware is installed in running session , will it
 affect other "anonymous" users ?
Will malware/infection be cleaned up , after next login ? ( something
 like a restore-point in VMware )

while keeping your advice for a short time deployment , 
I`m looking for a long-term solution , every user have his own
 customized settings , like 
boomarks , stored cookies ,etc...   . And isolating users as much as
 possible. for example
if a user mess his session with visiting a malware site , other users
 stay safe . 



best regards
Hamid,kashfi


----- Original Message ----
From: "Ali, Saqib" <docbook.xml () gmail com>
To: Hamid . K <elite_netbios () yahoo com>
Cc: security-basics () securityfocus com
Sent: Monday, November 5, 2007 8:51:03 PM
Subject: Re: Sharing internet through Citrix (or better solution) in
 isolated network?


The best way I have found so far:

Publish IE/Firefox on Citrix, and use "Anoymous Citrix users
accounts". Clean Anonymous user space after logoff.

This works very well, if you don't need to track your internal user's
activity on the internet i.e. you trust your internal users.

saqib
http://security-basics.blogspot.com/




On Nov 5, 2007 6:41 AM, Hamid . K <elite_netbios () yahoo com> wrote:
Hi list ,

I`m preparing solution for providing internet-access to internal
users . What I`m looking for is a solution that completely isolate
internet usage and internal systems.

I`m thinking about publishing internet through Citrix based solution,
and keep everything restricted on citrix server/sessions.
But I though there must be better solutions ,as using Citrix p.server
for such case have it`s own security risks , some of them hard to
skip !

The good point about terminal based solution IMO is keeping user
workstation clean and (almost) isolated, as it will act like a
 sandbox
for running browser .
Any comments?

As always , open-source solutions (if any) are more welcome :)




I`l like to hear your personal experiences both as user &
 administrator
of such service.


regards
H.K



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com




-- 
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net




__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 




__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


Any views expressed in this message are those of the individual sender, except where the sender specifically states 
them to be the views of Crane Group


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]