At our institution only a few people are allowed to use the VPN from
offsite. Those users are given unique names/passwords onto the VPN. That
username/password is separate from the username/password combination they
have for the Windows domain. Their activity is also logged on our firewall
(which doubles as the VPN) in case questions arise.
In those instances that they do use the VPN, they then connect to a machine
on the network that has Citrix NFUSE installed (a web based interface for
Citrix). From NFUSE they are given a list of program icons that they can
use. In the case of our administrators they are given an icon for logging
directly into the Citrix servers which then have the various admin tools
they might need including User Manager for Domains, Server Manager, etc etc.
The biggest risk would be if one of the people with VPN access had their
home computer stolen but that could be addressed by disabling their VPN
username/password.
-----Original Message-----
From: Robin Landis [mailto:robin.landis (at) exim (dot) gov [email concealed]]
Sent: Wednesday, March 02, 2005 2:57 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Remote Terminal Services :VSMail mx4
Are you allowing administrators to use terminal services to administer
servers remotely via Citrix or VPN? Do you put restrictions on use and
what concerns did you identify when evaluating risks?
Thanks,
Robin