Security Basics: Re: Citrix Web Interface - VPN

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Basics mailing list archives

Re: Citrix Web Interface - VPN - public computer...secure??

From: Wilson <securitynewsgroup () gmail com>
Date: Mon, 14 Jul 2008 15:10:16 +1000

 Hi all, just on a similar topic, how can I find out which user logon
via Citrix Access Gateway at what time through which policy?

CitrixACE in eventvwr does not provide much information, and I prefer
to use any built in logging rather than external software.
Any suggestions?

Thanks in advance.

Wil

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of ? aditya mukadam ?
Sent: Friday, 11 July 2008 2:10 AM
To: Don Joly; security-basics () securityfocus com
Subject: Re: Citrix Web Interface - VPN - public computer...secure??

First of all let me say comment/compliment that the policy for WebVPN set up is done really well and correctly. It is 
an absolutely bad idea to allow intranet access from public computers because of reasons like it might have 
keylogger, virus on it, vulnerable OS which can allow user to hack that public pc ( while you are connected to 
intranet via
WebVPN) n so on.

If you still want to do it, you can develop seperate group of resources (which won't hurt you n your company if it 
gets exposed to threats etc) inshort -'not so important resources'. You should create seprate group to allow users to 
connect to it from public computer if you  want to. However, please understand the risks you are taking in such cases.

Remember my friend, security is often compromised for the ease of use !!!

Thanks,
Aditya Govind Mukadam

On Thu, Jul 10, 2008 at 8:47 AM, Don Joly <fuwmanchew () live com> wrote:


We have a Citrix Secure Gateway that some of our employees use for web VPN access from home. The Citrix Gateway 
provides users with published applications and desktops and has a valid SSL Cert. We have policies that all must 
sign agreeing to have some type of firewall enabled, OS patches and anti-virus software up to date. The policy also 
states that no user is to connect to the Citrix Gateway from a "public computer" or from a public hot spot. I've 
been asked if we could change this policy to allow connections from public computers and hot spots but I'm not sure 
how secure this would be. Would this be considered safe to allow this type of access? Why or why not?

Thanks,
Don

By Date By Thread

Current thread:

Re: Citrix Web Interface - VPN - public computer...secure??, (continued)
- Re: Citrix Web Interface - VPN - public computer...secure?? Gleb Paharenko (Jul 11)
- Re: Citrix Web Interface - VPN - public computer...secure?? Robert Taylor (Jul 11)
- Re: Citrix Web Interface - VPN - public computer...secure?? infolookup (Jul 11)
- Re: Citrix Web Interface - VPN - public computer...secure?? K. Brian Kelley (Jul 11)
  - RE: Citrix Web Interface - VPN - public computer...secure?? Chris R. Smith (Jul 11)
- Re: Citrix Web Interface - VPN - public computer...secure?? Wilson (Jul 14)