Hi It all depends on ur rules and policies and configurations. If theres a loop hole in ur policies or rules definition and ur servers are not properly hardened then no one is to be blamed.
We also have a CSG but I have not yet fully rolled out. Put it in the DMZ and allow only SSL and ICA protocol thru CSG and encrypt the watch out for any security breaches on the above protocols and keep on updating htem. Also on top of it if u could harden the CSG acc to MS then it should be safe..it all depends on the organisation to have dedicated IS Security group. Otherwise maintenance of these patches is byitself a very big head ache!! Currently im undergoing a big trauma cos I shoulder admin and security responsibilities.. Regrds -----Original Message----- From: Tuttle, Jim [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2003 1:02 AM To: Jesper Sobol; [EMAIL PROTECTED] Subject: RE: Is Citrix safe? Citrix is not safe. End of story. You can implement the Citrix Secure Gateway and Transaction Authority for added protection. Get ready to do some serious group policy work though. The key is to secure your servers in the farm, set up the CSG, run it all over 128bit encryption thru your SSL Nfuse gateway. That's what I do. Jim Tuttle Willamette ESD Network Security Analyst -----Original Message----- From: Jesper Sobol [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 04, 2003 6:30 AM To: [EMAIL PROTECTED] Subject: Is Citrix safe? As far as I know, Citrix is based on SSL which is not considered very safe, but unfortunately I dont know enough about Citrix. Could anyone please comment on the security in regards to Citrix? - AAA - SSL encryption - Digital Certificates - Man-in-middle attack What is the generel opinion, and why? I need arguments for and against Citrix, if any? Regards, Jesper Sobol ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- DISCLAIMER: ------------------------------------------------------------------------------------------------------------- Please note that our domain name is changed from adnoc-fod.co.ae to adnoc-dist.co.ae Hence change your email addresses accordingly to reflect these changes. This communication may contain confidential information. If you are not the intended recipient please inform us immediately. For complete disclaimer note please visit our website at: http://www.adnoc-dist.co.ae/emaildisclaimer.htm Adnoc Distribution-Tel:02-6771300;Fax:02-6722322; Email:[EMAIL PROTECTED];Website:http://www.adnoc-dist.co.ae --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
