Geeks With Blogs

News Clicky Web Analytics

web stats View David Caddick ('s profile on LinkedIn

Search this Site!

Locations of visitors to this page
View My Stats eXTReMe Tracker
This posting is provided "AS IS" with no warranties, and confers no rights. The opinions expressed within are my own and should not be attributed to any other Individual, Company or the one I work for. I just happen to be a classic techie who is passionate about getting things to work as they should do (and are sometimes advertised and marketed as being able to?) and when I can I drop notes here to help others falling in to the same traps that I have fallen in to. If this has helped then please pass it on - if you feel that I have commented in error or disagree then please feel free to discuss with me either publically or privately? Cheers, Dave
Thin Clients, VDI and Linux integration from the front lines.... Raw and sometimes unedited notes based on my experiences with VMware, Thin Clients, Linux etc.

I can't remember why it came up again today, but I was reminded of an article Brian Madden did back at the start of the year (also based on Thomas's earlier comments on what *should* be added to WI) on Security regarding the use of the "robots.txt" in an NFuse / Web Interface installations.

Now just a quick review of these google searches:
"MetaFrame Presentation Server Login",  was 70,  now 241
"MetaFrame XP Login",  was 300,  now  335
"/MetaFrame/default/login",  was ??,   now  133

So on the surface of it, it looks like it's not getting too bad, right?

Well, about 18 months ago I tried a search on google for "ica filetype:ica" and believe it or not this came back with over 18,500 hits. Try it now and you'll find something around 33,000 (give or take a few)

Try to keep this in mind if you are a Citrix Admin - **Creating ICA Files is a REAL BIG NO-NO!!!** - if you have something that doesn't work in a Citrix Environment, get help and fix it properly. As any good developer will tell you, if you have to hard-code something, you are not *fixing* it, you are simply delaying the inevitable crisis to a later date! 

In a typical page of 10 results on google you will probably find 4 - 5 will either let you log on anonymously or will already have the UserID and Password included. It could be argued that a large number of the 33,000 are old and no longer valid ICA Files, but that still leaves and incredible number of potential security lapses?

Of these you could reasonably expect that 95% will have the Hotkeys enabled (use ) to bring up NT Security, then call up Task Manager? - and I'll leave the rest to you?

I'm not in any way condoning the illegal access of Systems that you shouldn't - just trying to point out the pitfalls of hard-coded ICA Files - DON'T - once you have created them, you are no longer in control of where they are left, who they are emailed to (just to help someone else?), etc.

So, avoid using ICA Files where ever possible, and start looking at covering off the basics as far as security is concerned? Start with at least disabling access to Task Manager for non-Admin users?

Posted on Wednesday, December 7, 2005 8:16 PM Citrix , IT Management , Microsoft Tips , Security | Back to top

Comments on this post: Remember to keep the Front Door locked? Security basics in a Citrix Environment

No comments posted yet.
Your comment:
 (will show your gravatar)

Copyright © Dave Caddick | Powered by: