[FW1] Citrix MetaFrame XP with NFuse and port 1494

We are testing out Citrix MetaFrame XP and using their NFuse web interface. The beginning connections by the user are all done through the web interface, and can be secured via SSL, but the last piece goes directly from the client on the Internet to the MetaFrame server and no longer routes through the web front end, so it is no longer using SSL for encryption. This requires opening port 1494 directly to the MetaFrame server. Citrix can use up to RC5 128-bit encryption for the communication going over 1494, Citrix's ICA protocol.

It works basically like this.

1. User hits web site and logs in (encrypted via SSL). ICA client can be installed over the web at this time.
2. Web site passes user information to Citrix server (can be encrypted via Citrix's SSL relay).
3. Citrix server passes to web server list of published apps that user can access (can be encrypted via Citrix's SSL relay).
4. Web server generates page with links to the published apps, which it sends to the web browser (encrypted via SSL).
5. User clicks on desired app, which sends a request for an ICA file to the web server (encrypted via SSL).
6. Web server puts in info specific to user and sends ICA file back to browser, which is passed on to the local ICA client (encrypted via SSL).
7. The ICA client receives the file and initiates a session directly with the Citrix server (encrypted via RC5 128-bit).

What security issues should I be aware of when setting this up? Are there any known vulnerabilities on port 1494 that I will be exposing my network to?

As I see it, it seems that this is fairly similar to accessing data through a web interface encrypted with SSL; it is just going over a different port and using a different encryption algorithm. Am I missing anything here? Should I be worried about setting up a configuration of this type?

Thanks for the help.

_______________________________________
Rick Camp
Senior Consultant
Welsh Consulting, Inc.
31 Milk Street, Suite 805
Boston, MA 02109
[email protected]
www.welsh.com
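
Added example, not part of the original post: a check over the ICA file from step 6, confirming that each published app asks for RC5 128-bit and points only at an approved MetaFrame server before port 1494 is opened to it. The key names (Address, EncryptionLevelSession) and the values EncRC5-128 and Basic are assumed from the usual ICA file layout and should be compared with the files your own NFuse server generates; the sample file and addresses are constructed.

```python
import configparser

DEFAULT_ICA_PORT = 1494          # port named in the post
REQUIRED_LEVEL = "EncRC5-128"    # assumed ICA value for RC5 128-bit

# Constructed sample ICA file (not taken from a real deployment).
SAMPLE_ICA = """\
[WFClient]
Version=2

[ApplicationServers]
Notepad=
Payroll=

[Notepad]
Address=192.0.2.10
InitialProgram=#Notepad
EncryptionLevelSession=EncRC5-128

[Payroll]
Address=192.0.2.11:1494
InitialProgram=#Payroll
EncryptionLevelSession=Basic
"""

def audit_ica(text, allowed_hosts):
    """Return a list of (app, finding) tuples for one ICA file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written in the file
    cp.read_string(text)
    findings = []
    apps = cp["ApplicationServers"] if cp.has_section("ApplicationServers") else {}
    for app in apps:
        if not cp.has_section(app):
            findings.append((app, "listed but has no section"))
            continue
        sec = cp[app]
        # Address may be "host" or "host:port"; no port means the ICA default.
        host, _, port = sec.get("Address", "").partition(":")
        port = int(port) if port.isdigit() else DEFAULT_ICA_PORT
        level = sec.get("EncryptionLevelSession", "(unset)")
        if level != REQUIRED_LEVEL:
            findings.append((app, f"encryption level {level}, want {REQUIRED_LEVEL}"))
        if host not in allowed_hosts:
            findings.append((app, f"{host}:{port} is not an approved MetaFrame server"))
    return findings

if __name__ == "__main__":
    for app, finding in audit_ica(SAMPLE_ICA, {"192.0.2.10"}):
        print(f"{app}: {finding}")
```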