Security Basics mailing list archives
Re: Citrix Web Interface - VPN - public computer...secure??
From: "Robert Taylor" <rgt () wi mit edu>
Date: Thu, 10 Jul 2008 12:50:42 -0400
I would consider public computers to be a bad idea. You have no idea who set them up or what is running on them. Keystroke loggers/Screen recorders that are installed on purpose or via a virus can easily capture all data from your transaction. You can't guarantee that the public computer has a firewall, os patches, or antivirus on it. SecureID can mitigate some of the password issues, but malicious people can still capture all the data, both keystrokes and screen data that goes through the device. Someone who opens a PO or looks at a pdf of a credit card receipt could inadvertently expose sensitive data. Hot spots only provide connectivity, so hopefully, as long as you use the proper precautions to ensure that someone can't perform a MITM attack or otherwise compromise the secure channel or compromise the machine/laptop over the network they could be ok. Beware the shoulder-surfer tho. rgt Don Joly wrote:
We have a Citrix Secure Gateway that some of our employees use for web VPN access from home. The Citrix Gateway provides users with published applications and desktops and has a valid SSL Cert. We have policies that all must sign agreeing to have some type of firewall enabled, OS patches and anti-virus software up to date. The policy also states that no user is to connect to the Citrix Gateway from a "public computer" or from a public hot spot. I've been asked if we could change this policy to allow connections from public computers and hot spots but I'm not sure how secure this would be. Would this be considered safe to allow this type of access? Why or why not? Thanks, Don _________________________________________________________________ The i’m Talkaton. Can 30-days of conversation change the world? http://www.imtalkathon.com/?source=EML_WLH_Talkathon_ChangeWorld
Current thread:
- Citrix Web Interface - VPN - public computer...secure?? Don Joly (Jul 10)
- Re: Citrix Web Interface - VPN - public computer...secure?? ॐ aditya mukadam ॐ (Jul 11)
- Message not available
- Re: Citrix Web Interface - VPN - public computer...secure?? ॐ aditya mukadam ॐ (Jul 11)
- Message not available
- Re: Citrix Web Interface - VPN - public computer...secure?? ॐ aditya mukadam ॐ (Jul 11)
- Re: Citrix Web Interface - VPN - public computer...secure?? Gleb Paharenko (Jul 11)
- Re: Citrix Web Interface - VPN - public computer...secure?? Robert Taylor (Jul 11)
- <Possible follow-ups>
- Re: Citrix Web Interface - VPN - public computer...secure?? infolookup (Jul 11)
- Re: Citrix Web Interface - VPN - public computer...secure?? K. Brian Kelley (Jul 11)
- RE: Citrix Web Interface - VPN - public computer...secure?? Chris R. Smith (Jul 11)
- Re: Citrix Web Interface - VPN - public computer...secure?? Wilson (Jul 14)