Security Basics mailing list archives
re: Sharing internet through Citrix (or better solution) in isolated network?
From: "Hamid . K" <h.kashfi () yahoo com>
Date: Thu, 8 Nov 2007 17:55:30 -0800 (PST)
Hi thanks for your replay . I`ve not been familiar with SoftGrid , thanks for pointing it out. I`m going to evaluate it in few hours , but have few questions in mind about it : How the session management works ? for example , will every single user have his own set of customizations on browser , and be able to keep it on every login ? what if a user get infected ? will infection affect other users on same server ? Will the infection stay after user open new sessions , or everything will be cleaned-up after closing session , and we`ll have a fresh new session every login ? Is it possible to limit TS session to only publish specific shared application ( IE for example ) and filter out everything else ,including windoes explorer... ? right like what we see in Citrix. from security point of view , which solution you recommend more safe ? softGrid or Citrix ? ( considering their capabilities to harden sessions ) best regards Hamid Kashfi ----- Original Message ---- From: Сергей Цапок <obilion () gmail com> To: Hamid . K <elite_netbios () yahoo com> Cc: security-basics () securityfocus com Sent: Tuesday, November 6, 2007 12:27:17 AM Subject: RE: Sharing internet through Citrix (or better solution) in isolated network? Hi! Here's how you can build a solution using only Microsoft's tools, no Citrix is needed: 1) Implement Windows Terminal Services 2) Deploy Microsoft Softgrid application virtualization platform 3) Deploy IE/Opera/Firefox through Softgrid to your terminal services clients (each application instance works in it's own virtual environment, like a sandbox) 4) Filter internet users via ISA server based on AD Policies for better security -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Hamid . K Sent: Monday, November 05, 2007 4:41 PM To: security-basics () securityfocus com Subject: Sharing internet through Citrix (or better solution) in isolated network? Hi list , I`m preparing solution for providing internet-access to internal users . What I`m looking for is a solution that completely isolate internet usage and internal systems. I`m thinking about publishing internet through Citrix based solution, and keep everything restricted on citrix server/sessions. But I though there must be better solutions ,as using Citrix p.server for such case have it`s own security risks , some of them hard to skip ! The good point about terminal based solution IMO is keeping user workstation clean and (almost) isolated, as it will act like a sandbox for running browser . Any comments? As always , open-source solutions (if any) are more welcome :) I`l like to hear your personal experiences both as user & administrator of such service. regards H.K __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Current thread:
- Sharing internet through Citrix (or better solution) in isolated network? Hamid . K (Nov 05)
- Re: Sharing internet through Citrix (or better solution) in isolated network? Ali, Saqib (Nov 05)
- Re: Sharing internet through Citrix (or better solution) in isolated network? infolookup (Nov 06)
- RE: Sharing internet through Citrix (or better solution) in isolated network? TVB NOC (Nov 05)
- RE: Sharing internet through Citrix (or better solution) in isolated network? Сергей Цапок (Nov 05)
- Re: Sharing internet through Citrix (or better solution) in isolated network? Ansgar -59cobalt- Wiechers (Nov 05)
- RE: Sharing internet through Citrix (or better solution) in isolated network? Craig Wright (Nov 07)
- RE: Sharing internet through Citrix (or better solution) in isolated network? Mohamed Farid (Nov 13)
- <Possible follow-ups>
- re: Sharing internet through Citrix (or better solution) in isolated network? Hamid . K (Nov 08)
- re: Sharing internet through Citrix (or better solution) in isolated network? Hamid . K (Nov 08)
- RE: Sharing internet through Citrix (or better solution) in isolated network? Nhon Yeung (Nov 08)
- Re: Sharing internet through Citrix (or better solution) in isolated network? Ali, Saqib (Nov 05)