Citrix Web Interface - VPN - public computer...secure??

by Don Joly

We have a Citrix Secure Gateway that some of our employees use for web VPN access from home. The Citrix Gateway provides users with published applications and desktops and has a valid SSL Cert. We have policies that all must sign agreeing to have some type of firewall enabled, OS patches and anti-virus software up to date. The policy also states that no user is to connect to the Citrix Gateway from a "public computer" or from a public hot spot. I've been asked if we could change this policy to allow connections from public computers and hot spots but I'm not sure how secure this would be. Would this be considered safe to allow this type of access? Why or why not?
 
Thanks,
Don




Re: Citrix Web Interface - VPN - public computer...secure??

by K. Brian Kelley-2

Public computers? I wouldn't consider that safe. One just has to do a Google search on Kinkos and GoToMyPC to see why. With a public computer there is absolutely no guarantee of any sort of reasonable precautions such as up-to-date AV. If you were using Citrix Access Gateway you could do some level of endpoint analysis, but that's not the case with CSG.

 K. Brian Kelley, CISA, MCSE, Security+
Contributing Author: How to Cheat at Securing SQL Server 2005
Regular Columnist, SQLServerCentral.com and SQL Server Standard Magazine
http://www.truthsolutions.com/
http://blogs.sqlservercentral.com/brian_kelley/default.aspx




Re: Citrix Web Interface - VPN - public computer...secure??

by infolookup

IMHO, it really matters who is logging in and what access rights they have. I would recommend looking at a video presentation from this year's Shmoocon on Citrix security.

If your overall network setup is secure and someone steals a set of login creds, the most they can do is impersonate that user and try to gather information from the inside.

Level of severity to me depends on what the user/attacker can come away with.

Re: Citrix Web Interface - VPN - public computer...secure??

by ॐ aditya mukadam ॐ

First of all let me say comment/compliment that the policy for WebVPN
set up is done really well and correctly. It is an absolutely bad idea
to allow intranet access from public computers because of reasons like
it might have a keylogger or virus on it, or a vulnerable OS which can allow
a user to hack that public PC (while you are connected to the intranet via
WebVPN) and so on.

If you still want to do it, you can develop a separate group of
resources (which won't hurt you and your company if it gets exposed to
threats etc.), in short, 'not so important resources'. You should create
a separate group to allow users to connect to it from a public computer if
you want to. However, please understand the risks you are taking in
such cases.

Remember my friend, security is often compromised for the ease of use !!!

Thanks,
Aditya Govind Mukadam


Re: Citrix Web Interface - VPN - public computer...secure??

by Robert Taylor-12

I would consider public computers to be a bad idea. You have no idea who
set them up or what is running on them. Keystroke loggers/Screen
recorders that are installed on purpose or via a virus can easily
capture all data from your transaction. You can't guarantee that the
public computer has a firewall, OS patches, or antivirus on it. SecurID
can mitigate some of the password issues, but malicious people can still
capture all the data, both keystrokes and screen data that goes through
the device. Someone who opens a PO or looks at a PDF of a credit card
receipt could inadvertently expose sensitive data.

Hot spots only provide connectivity, so hopefully, as long as you use
the proper precautions to ensure that someone can't perform a MITM
attack or otherwise compromise the secure channel or compromise the
machine/laptop over the network they could be ok. Beware the
shoulder-surfer tho.

rgt


Re: Citrix Web Interface - VPN - public computer...secure??

by ॐ aditya mukadam ॐ

I know of devices like F5 FirePass and Juniper IVEs in which you can
configure separate groups with separate policies. You might wanna
consider those into your existing setup. All da very best!!!

Thanks,
Aditya Govind Mukadam

On Fri, Jul 11, 2008 at 12:36 AM, Don Joly <fuwmanchew@...> wrote:

> You bring up some very good points. Thank you so much for taking the time to
> respond. It is very much appreciated!
>
> Don

Re: Citrix Web Interface - VPN - public computer...secure??

by Gleb Paharenko-3

Hi.

It is very risky to use public networks without two-factor
authentication. Consider one-time password tokens.




--
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com
http://www.linkedin.com/in/gpaharenko

RE: Citrix Web Interface - VPN - public computer...secure??

by Chris R. Smith

With GoToMyPC you have one-time passwords for security, but not sure about sniffers.

Chris R. Smith * VP of Information Technology * csmith@...
www.sunshinesavingsbank.com
1400 E. Park Avenue * Tallahassee, FL 32301 * (850) 219-7302 or Toll-Free (800) 468-3993


Re: Citrix Web Interface - VPN - public computer...secure??

by Wilson-21

Hi all, just on a similar topic, how can I find out which user logs on
via Citrix Access Gateway at what time through which policy?

CitrixACE in eventvwr does not provide much information, and I prefer
to use any built-in logging rather than external software.
Any suggestions?

Thanks in advance.

Wil
