Pau Lo

asked on

Presentation Server / XenApp

What areas would typically be covered when reviewing the security of an organisation's Citrix Presentation Server / XenApp environment? Are there any automated tools to help with such a security review / manual review? To me it looks as simple as a user clicking a shortcut on his desktop which in turn opens up a Citrix session and they work as normal on this "remote desktop". I am sure there must be more to it than that.
ASKER CERTIFIED SOLUTION
Tony J
Pau Lo

ASKER

Many Thanks - some great pointers.

Could you elaborate perhaps on:

"You may want to consider things like client to server clipboard mapping - some establishments don't like this."

I am unsure of this.
Pau Lo

ASKER

Likewise local drive mapping - this can be considered one of the most important security gotchas depending on the site. Some places see it as being useful for their staff to be able to access their local disks but for others it's a complete no-no.

Also what's the key risk? Are you talking about browsing the local drive on the Citrix Presentation Server, or the local PC on which the Citrix shortcut is located?
Of course - out of the box, Citrix will allow a user to copy something on, say, their workstation and paste it into their Citrix session, and back in the other direction.

Let's assume that the company that they work for mandated that no local drives were mapped and that all work should only be saved to a share (oh I missed that one, too - you might want to hide local drives on the server from view - just Google "hide server drives in Citrix" for how to do it).

If clipboard mapping is enabled, there is nothing to stop the user opening, say, a confidential Word document, selecting all and copying everything and then opening Word on their workstation and pasting the contents into it.

Of course, if said user also has email access via Citrix, nor is there anything to stop them emailing it to themselves, either :)

With local drive mapping, what happens is that when a user logs into a Citrix session they can see the drives on their workstation.

Now some companies don't like this - some from a security standpoint, but also some from the simple fact that they don't want files stored locally, not being backed up, not being kept up to date etc.
What I have tended to do is hide the server local drives (C, D, etc. on the server) so that they're not visible to the end user at all but they're still accessible, and then to hide users' workstation drives if required by the company.
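
The "hidden but still accessible" server drives described above, as an added example that is not part of the original thread: the thread does not name the mechanism, so this assumes the standard Windows Explorer policy values NoDrives and NoViewOnDrive, and decodes their bitmasks to show a reviewer which server drives are only hidden and which are also blocked in Explorer. The function names and sample values are constructed for illustration.

```powershell
# Added example. Assumes the standard Explorer policy values NoDrives and
# NoViewOnDrive: one bit per drive letter, bit 0 = A:, bit 2 = C:, bit 25 = Z:.

function ConvertTo-DriveMask {
    param([Parameter(Mandatory)][char[]]$Letters)
    $mask = 0
    foreach ($l in $Letters) {
        $i = ([int][char]::ToUpper($l)) - 65      # 65 = 'A'
        if ($i -lt 0 -or $i -gt 25) { throw "Not a drive letter: $l" }
        $mask = $mask -bor (1 -shl $i)
    }
    $mask
}

function Get-DrivePolicyFinding {
    param(
        [int]$NoDrives = 0,          # hides the drive icon only
        [int]$NoViewOnDrive = 0,     # blocks opening the drive in Explorer
        [char[]]$ServerDrives = @('C', 'D')
    )
    foreach ($d in $ServerDrives) {
        $bit     = ConvertTo-DriveMask -Letters $d
        $hidden  = [bool]($NoDrives -band $bit)
        $blocked = [bool]($NoViewOnDrive -band $bit)
        $finding = if ($blocked) {
            'Explorer access blocked; other programs can still reach it'
        } elseif ($hidden) {
            'Hidden only; still reachable by typing the path'
        } else {
            'Visible and browsable in Explorer'
        }
        [pscustomobject]@{
            Drive = "${d}:"; Hidden = $hidden; Blocked = $blocked; Finding = $finding
        }
    }
}

# Constructed sample: C: and D: hidden (4 + 8 = 12), only C: also blocked (4).
Get-DrivePolicyFinding -NoDrives 12 -NoViewOnDrive 4 | Format-Table -AutoSize

# On a session host, feed in the live per-user values instead:
# $p = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
# Get-DrivePolicyFinding -NoDrives $p.NoDrives -NoViewOnDrive $p.NoViewOnDrive
```

Both values are Explorer shell restrictions rather than access controls, so a review should still check the NTFS permissions on the server drives themselves.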
Pau Lo

ASKER

Is there anything stopping them browsing the local drives on the Citrix Server by default?