RE: Sharing internet through Citrix (or better solution) in isolated network?

["TVB NOC" <tvbnoc () temeculavalleybank com>]

I was in an environment where all services ran under Citrix PS4
including Internet. From a security standpoint it made things easier, we
only had to deal with isolating a single subnet for Internet access...
Proxy configurations, Firewall configurations, majority of changes
surrounding security became simpler to deal with...



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Hamid . K
Sent: Monday, November 05, 2007 6:41 AM
To: security-basics () securityfocus com
Subject: Sharing internet through Citrix (or better solution) in
isolated network?

Hi list ,

I`m preparing solution for providing internet-access to internal
users . What I`m looking for is a solution that completely isolate
internet usage and internal systems.

I`m thinking about publishing internet through Citrix based solution,
and keep everything restricted on citrix server/sessions.
But I though there must be better solutions ,as using Citrix p.server
for such case have it`s own security risks , some of them hard to
skip ! 

The good point about terminal based solution IMO is keeping user
workstation clean and (almost) isolated, as it will act like a sandbox
for running browser . 
Any comments?

As always , open-source solutions (if any) are more welcome :)




I`l like to hear your personal experiences both as user & administrator
of such service.


regards
H.K



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com