If I get an account on IGN, what prevents me from attacking your
Winframe box? Do you trust Citrix to have gotten all their security
right? What can I gain once I've broken it? (Hints; does it
strongly* encrypt passwords as they go over the net? Does it resist
password guessing attacks? Session hijacking?)
*For explanations of strong encryption, see the Snake Oil Crypto FAQ.
Ken Gunther wrote:
| We are currently using Winframe by Citrix to give remote users access to
| applications at our datacenter. Access to the Winframe box is through the
| IBM Global Network (IGN). IGN is a subscribers only network. It is not as
| open as the Internet but by no means do we have control over who is on it.
| We currently have a firewall in front of the Winframe box but there is a
| noticable delay in keystrokes when going through the firewall (TIS Toolkit
| on a Linux box). We have performed some tests where for short periods of
| time the Winframe box was connected directly to the IGN and the keystroke
| delays went away.
| Is Winframe safe to put directly on the untrusted network? We are worried
| about unauthorized people getting through to the trusted side as well as
| denial of service attacks where people try to crash Winframe.
"It is seldom that liberty of any kind is lost all at once."