Ideals on Securing a Citrix /Terminal Service Environment

[infolookup at gmail.com (infolookup at gmail.com)]

We are publishing both desktops and applications encryption is 128 bit.
------Original Message------
From: Raffi Jamgotchian
To: infolookup at gmail.com
To: PaulDotCom Security Weekly Mailing List
Sent: Jan 13, 2009 8:43 AM
Subject: Re: [Pauldotcom] Ideals on Securing a Citrix /Terminal Service Environment

Are you publishing full desktops or applications?

Right off the bat, disable RDP and enable ICA only and ensure that you  
are encrypting at the very least the logins but if you can "afford" it  
the whole stream.

On Jan 13, 2009, at 7:40 AM, infolookup at gmail.com wrote:

> Hello All!
>
> If some of you are on security-basics you might think I am cross  
> posting but I only got one reply there so I am posting here!
>
> <Question>
>
> We are in the process of auditing and locking down our security  
> settings on our Citrix Presentation Server farms and I would like to  
> get some feed back on what others are doing to secure their Citrix  
> or terminal server environment.
>
> So far we have used GPO allow certain types of executables, disabled
> right clicking or creation of short cuts, disabled IE the  search  
> function on IE, and we are using an Internet proxy so sites like  
> ikat and the likes are blocked.
>
> I know this is the very basics but I am just looking to get an ideal  
> on others setup.
>
> </question>
>
> Thanks in advance.
> Sent from my Verizon Wireless BlackBerry
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com



Sent from my Verizon Wireless BlackBerry