|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Kevin Spett (kspett_at_spidynamics.com)
Date: Mon Oct 21 2002 - 13:03:12 CDT
Here's a list of links that detail some known Citrix issues at the
web-layer. These are just known issues, keep in mind that there may be all
kinds of Citrix web application problems that haven't been found yet. If I
were you I'd go through the .asp/.jsp source files before deploying it.
http://www.securiteam.com/securitynews/5RP0L2K6KO.html
http://www.securiteam.com/securitynews/5XP061F4UE.html
http://www.securiteam.com/windowsntfocus/5ZP0L0U61G.html
http://cert.uni-stuttgart.de/archive/bugtraq/2002/03/msg00398.html
Kevin Spett
SPI Labs
http://www.spidynamics.com/
----- Original Message -----
From: <auto300258
hushmail.com>
To: <focus-mssecurityfocus.com>
Sent: Friday, October 18, 2002 12:21 PM
Subject: Securing Citrix NFuse and IIS 5
>
> I'm working on a pilot deployment of Citrix with its NFuse component on
Win2000 to allows remote users to access our LAN via web browser. NFuse uses
IIS 5 installed on the same machine to deliver all of our applications to
the remote user.
>
> Is there anything special to know about hardening IIS 5 in conjunction
with NFuse that anyone here has any experience with? What about a good white
paper on hardening IIS 5, besides what Microsoft has on their web site?
>
> Has anyone used EEye's SecureIIS product with NFuse/IIS5? I've heard very
good things about it and hope it might be useful here.
>
> Thanks for any information you might be able to provide.
>
> Regards.
>
>
>
> Get your free encrypted email at https://www.hushmail.com
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]