Just a quick one: There's a recent bugtraq post about ICA auth being weak
(using the cunning XOR cipher). That would mean that you have effectively no
security for the usernames / passwords you use to authenticate to the Citrix
server.
You may want to check that out.
Cheers,
--
Ben Nagy
Network Consultant, Volante IT
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
> -----Original Message-----
> From: dave kaas [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 4 April 2000 9:50 AM
> To: [EMAIL PROTECTED]
> Subject: Citrix
>
>
> We have had a request to allow Citrix clients on our LAN to
> pass through
> our firewall-1 to access a Citrix server on the Internet. The access
> lists are straight forward. I seem to remember that at one time there
> were security concerns about Citrix. That there was some way for the
> server to pass commands back to the client?
>
> thank you
>
> dave kaas
>
>
>
> --
> Dave Kaas Internet: [EMAIL PROTECTED]
> Lockheed Martin Services Phone: (509) 376-6386
> United States Department of Energy, Richland, WA
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
