RE: Sharing internet through Citrix (or better solution) in isolated network?

["Mohamed Farid" <mfarid () mscc com eg>]

We used Citrix in our environment and we secure it by SGS implementation
..
And also the file transferring between the internet Zone and the
Internal Zone can be applied through a very secure intermediate process
...

It gave us a good performance and administration capabilities ...

Mohamed Farid ,, 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Hamid . K
Sent: Monday, November 05, 2007 4:41 PM
To: security-basics () securityfocus com
Subject: Sharing internet through Citrix (or better solution) in
isolated network?

Hi list ,

I`m preparing solution for providing internet-access to internal
users . What I`m looking for is a solution that completely isolate
internet usage and internal systems.

I`m thinking about publishing internet through Citrix based solution,
and keep everything restricted on citrix server/sessions.
But I though there must be better solutions ,as using Citrix p.server
for such case have it`s own security risks , some of them hard to
skip ! 

The good point about terminal based solution IMO is keeping user
workstation clean and (almost) isolated, as it will act like a sandbox
for running browser . 
Any comments?

As always , open-source solutions (if any) are more welcome :)




I`l like to hear your personal experiences both as user & administrator
of such service.


regards
H.K



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 
This e-mail (including attachments) is classified as Mediterranean Smart Cards Company confidential and proprietary 
information 
The recipient hereby is committed to hold in strict confidence the contents of this (e-mail, document, and information) 
and not to disclose to any third party without the prior written consent of Mediterranean Smart Cards Company. 
Recipient will be held liable for any unauthorized disclosure.
It is intended solely for the addressee. Unless you are the addressee, you may not read, copy, use or store this e-mail 
in any way, or permit others to. 
If you have received it in error, please notify the sender by return e-mail and delete the message in its entirety, 
including any attachments
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *