Re: Citrix Metaframe Security Assessment

From: Berdt van der Lingen (berdtvanderlingen@gmail.com)
Date: Fri Jul 22 2005 - 05:12:31 EDT


On 7/21/05, bob sengupta <bobsengupta@hotmail.com> wrote:
> I am looking for a security assessment technique to conduct assessment of a
> Citrix Implementation. I do have a benchmark to check Citrix configurations.
> However, the problem is not having access to the actual devices to be able
> to assess security. Is there a way to export configuration settings from all
> Citrix components and be able to get configuration settings to review? The
> component breakdown is as follows:
>
> Citrix Secure Ticketing Authority
> Citrix/Nfuse Classic server
> Citrix Secure Gateway

I think you would need the following information to:

- ICA protocol encryption level
- Citrix Policy's
- Shadowing settings

and things like: are users allowed to download software form the
internet, are they allowed to run non-authorised software from
locations like a local disk or homedirectory

--
regards,
Berdt van der Lingen
http://hire.berdt.nl


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:37 EDT