RE: Citrix workstation URL viewing

From: Rob Shein (shoten@starpower.net)
Date: Wed Jul 23 2003 - 13:28:02 EDT


SpectorSoft makes a number of surveillance utilities, but I am not sure how
well they'd run under Metaframe. You should contact them to ask, and by all
means do make sure that the software is tried on a test server prior to
implementation in a production environment. Furthermore, be extremely
careful of the legal ramifications of this form of monitoring; the software
is capable of capturing far more than just URLs visited, and you will get
yourself into a lot of trouble if you use the full surveillance capacity
possible. Also, I'm not sure that they have a solution that scales in the
fashion you need.

www.spectorsoft.com

Another option would be to utilize a proxy server solution that integrates
with AD (I'm assuming you're using Active Directory) to associate requests
with users. If you are using a Check Point firewall, there are
OPSEC-compliant products that can integrate with it to provide this, for a
price.

www.opsec.com

And also keep in mind above all else that it is possible to circumvent all
of this with an anonymizer service.

> -----Original Message-----
> From: Bob DeBolt [mailto:bob.debolt@telusplanet.net]
> Sent: Tuesday, July 22, 2003 10:10 PM
> To: pen-test@securityfocus.com
> Subject: Citrix workstation URL viewing
>
>
> Greets
>
> I don't know if this is the correct
> list but I'll try.
>
> I need to monitor http traffic on a Citrix
> network. It uses 128 bit enc. from client
> desktop to the Citrix servers, in other words
> all internal traffic is encrypted. When traffic
> exits the Citrix servers to the firewall and out to
> the Internet it can be monitored, but will only
> reveal the server IP address. Has anybody faced
> this scenario and did you find a reasonable solution?
>
> By reasonable I mean possibly something like a workstation
> installable utility that catches all the URLs a
> user accesses. All we want to do is match URLs with
> a workstation IP.
>
> Sincerely
>
> Bob DeBolt
> Pres / CTO
> Starblanket Research



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:37 EDT