Solved

Citrix remote risk assessment

Posted on 2006-10-20
6
906 Views
Last Modified: 2006-11-23
I have been asked to perform a risk assessment for a client who has users connecting to their site through Citrix

I need to provide them with a report that list the security vulnerbilities and risk from doing so.
I have never done a security risk aassessment and not sure where to begin.

What tools do I need and what to look for?
0
Comment
Question by:Tcarollo
  • 2
6 Comments
 
LVL 25

Accepted Solution

by:
Ron Malmstead earned 125 total points
ID: 17777124
Microsoft Security Baseline Analyzer 2.0 for starters....that will show you typical vulnerabilities for the OS.
Hit Windows update site, to list available updates for the OS as well.

More importantly you need to look at the domain "password policy", complexity, and lockout duration.
Is "passthrough" authentication allowed  on the citrix box ?
Who maintains, and documents who has permission to logon to citrix in Active Directory ?
Are client drives, com ports, audio, or client printer mapped at logon ?
Is there Group Policy applied to the Citrix box ?
Who is an Administrator on the local users and groups for the citrix server ?
Is there a published desktop, or published Apps ?
Is there accounting software on the citrix server, and if so, is the program folder locked to Accounting Group only ?
Is outlook express being used on the server ? If not, there should be permissions on the program folder for only local admins.
Are users allowed to use internet explorer on the server ? If not, lock it down.
If it is a windows 2003 box, is "advanced security configuration" turned on for internet browsing ?
Group policy for trusted, restricted, internet sites ?
Group plicy for Site Zone security settings ?
Can users install print drivers ?
Can users logon with RDP as well ?

Some of the above may help you get started.
good luck.
0
 

Author Comment

by:Tcarollo
ID: 17788232
That is a great start, thanks for all of that info.
My part of the audit doesn't start for a couple weeks.
I will keep in touch and ask more questions if you don't mind.

0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 17791168
ask away.
0
 
LVL 4

Assisted Solution

by:LBACIS
LBACIS earned 125 total points
ID: 17807849
These will do the trick and with the exception of GFI they are free.
                             
                                                Nessus, NEWT, GFILanGuard
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With healthcare moving into the digital age with things like Healthcare.gov, the digitization of patient records and video conferencing with patients, data has a much greater chance of being exposed than ever before.
How do we balance the user experience (UX) with reasonable security measures? It can be done, if you keep these fundamentals in mind.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question