Firewall Wizards mailing list archives
Re: Citrix vs OWA
From: "Paul D. Robertson" <paul () compuwar net>
Date: Sat, 18 Jun 2005 10:59:42 -0400 (EDT)
On Fri, 17 Jun 2005, Brian Gardner wrote:
> Greetings everyone. As the network administrator (and security minded person) for our small local government network (300 users), I've been asked to make our internal email (Exchange 2003) and other applications (not web based apps, just internal) and files available from the internet through our Checkpoint firewall. I've done much reading on Outlook Web Access and
The first thing you should do is to get authority to do a real risk assessment- since you'll be potentially opening up all the goodies to any potential attacker on the planet, and since that means that it's more likely that folks will use compromised home computers to conduct business. It may be "ok" for some applications and not others, which would mean having to build out more security infrastructure to limit the potential damage. I'll add at this point that the worst breach I've ever seen was at a municipality where someone had (a) broken into the court system, (b) trojaned hundreds of systems and (c) broken into the interactive voice response (IVR) system. There was lots more going on there, but those were three rather large issues I had to deal with.
> its security implications as well as followed the many topics here regarding remote access. What I haven't seen mentioned here as an alternative to OWA is Citrix via the Presentation Server and Secure Gateway. Assuming you deploy the Citrix solution properly, apply patches, etc., what is the general consensus regarding Citrix? Good idea? Bad idea?
Anytime you extend your trust boundary, it's bad for security- the question is if it's necessary to extend it or if it's just convenient- that's the point of doing an up-front assessment.
> At this point I haven't deployed or set up anything, and I'm not looking for specific instructions or how-to's, rather a feel for which I'm going to have the least amount of trouble with, and an answer to the statement my supervisor(s) make that "everybody else does it, why can't we?"
Do the assessment, or have someone do it for you- then provide them with the "if we do this, there's a risk of that" stuff in writing- then they get to choose if they want to take the same risk as "everybody else." FWIW, I'd do one-time tokens for OWA *or* Citrix just to make sure that the user's responsibility is upheld.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards