Thanks for your reply Chris.

But my understanding is that the Secure Gateway encrypts and authenticates the Citrix traffic, but does not protect the NFuse/IIS box from the usual exploits, i.e. Nimda, Code Red, buffer overflows, etc. I want to lock down IIS without breaking NFuse.

On Fri, 18 Oct 2002 10:50:28 -0700 Chris Calaf <ccalafWBCM.com> wrote:
>Citrix has a Product call Citrix Secure Gateway that uses SSL
>
>http://citrix.com/products/csg.asp
>
>you may need a subscription advantage
>
>-----Original Message-----
>From: auto300258hushmail.com [mailto:auto300258hushmail.com]
>Sent: Friday, October 18, 2002 12:22 PM
>To: focus-mssecurityfocus.com
>Subject: Securing Citrix NFuse and IIS 5
>
>
>I'm working on a pilot deployment of Citrix with its NFuse component
>on
>Win2000 to allows remote users to access our LAN via web browser.
>NFuse uses
>IIS 5 installed on the same machine to deliver all of our applications
>to
>the remote user.
>
>Is there anything special to know about hardening IIS 5 in conjunction
>with
>NFuse that anyone here has any experience with? What about a good
>white
>paper on hardening IIS 5, besides what Microsoft has on their web
>site?
>
>Has anyone used EEye's SecureIIS product with NFuse/IIS5? I've heard
>very
>good things about it and hope it might be useful here.
>
>Thanks for any information you might be able to provide.
>
>Regards.
>
>
>
>Get your free encrypted email at https://www.hushmail.com
>
>
>

Get your free encrypted email at https://www.hushmail.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]