Citrix question for work...

  • Citrix question for work...

    Ok, so my company is converting to a Citrix based system for remote access.

    1. I have been pushing for VPN, but they state they won't install on machines not owned by my employer for security reasons. Would you agree with this statement and how significant would the additional perceived risk be?

    2. Does Citrix pose a risk that my employer could review files on my personal machine? In particular, I keep things I wouldn't want to share such as my tax documentation, medical information, career planning etc. in my documents. Since Citrix exposes my local system as a "networked" drive, does this theoretically allow any type of "pull" from their end?

    I guess I'm truly not worried about my employer snooping; I just want to be aware of what potential risk I'm under when connected.

    Thanks,
    Shiner



  • #2
    Re: Citrix question for work...

    Originally posted by Shiner
    Ok, so my company is converting to a Citrix based system for remote access.

    1. I have been pushing for VPN, but they state they won't install on machines not owned by my employer for security reasons. Would you agree with this statement and how significant would the additional perceived risk be?

    2. Does Citrix pose a risk that my employer could review files on my personal machine? In particular, I keep things I wouldn't want to share such as my tax documentation, medical information, career planning etc. in my documents. Since Citrix exposes my local system as a "networked" drive, does this theoretically allow any type of "pull" from their end?

    I guess I'm truly not worried about my employer snooping; I just want to be aware of what potential risk I'm under when connected.

    Thanks,
    Shiner

    Depending on the configuration, Citrix could expose files from your local machine to the rest of the network. As far as them not being willing to install a VPN client on your machine for security reasons, that seems to be a very odd condition. Application-based VPN clients aside, most VPN solutions can provide VPN via SSL so they won't even need to install a client!

    When we encounter Citrix in the field during an IT audit (be it for a SAS70, SOX 404 or general risk assessment) we expect Citrix to be protected via VPN technology anyway. Citrix by itself is giving your company far greater exposure from a security perspective than Citrix through an encrypted VPN tunnel.
    Diplomacy is the art of saying "good doggie" while looking for a bigger stick.



    • #3
      Re: Citrix question for work...

      Citrix can be a useful tool. I am only a lowly Helpdesk Analyst where I work, but as far as Citrix is concerned, I'm sorta the go-to guy. Now we only use Citrix within our network. We have a call center for after hours who actually asked us to put a Citrix access point in our DMZ for them to access, because for some reason our VPN client did not work from inside their network.

      They were blocking it, not allowing it to work, for fear of exposing their network. And they wanted us to open up a Citrix server with access to our network from the regular internet. I kinda chuckled at that.

      Anyways. We use Citrix inside of our network, but for remote access, we use VPN.

      How exactly are they implementing Citrix in your situation? Are they essentially providing you with a remote desktop to use? Or just serving applications? As far as security goes, it's really not that important, because in the end it's doing almost the same thing. Just a curiosity.

      As far as not installing VPN on clients not within the organization, I guess I can somewhat understand. It is ultimately up to the company's IT Department. The biggest issue that they're worried about most likely includes keeping a virus out of their network.

      Example: Ron surfs the web at home at his leisure, picks up a dirty little bug that wants to propagate before unleashing its mean stuff. Ron connects via VPN to Company X's network. Ron's dirty little bug sees a whole new network interface open up and proceeds to sow its seeds in Company X's network, since the nature of VPN turns off all of dirty little bug's other network connections. Ron's PC successfully takes down part of Company X's network for 3 days, without Ron even knowing.

      That's random, but don't doubt it hasn't happened before.

      The company does not have the ability to control what is on your PC, at least not as well as PCs within their own network (antivirus, updates, etc.). Whenever a user from our company brings us their laptop and asks to get VPN access with it, we check for things like that. But generally, it's not an issue getting a personal laptop access to our VPN.

      One thing I will tell you is a company will care about its own network well before it's concerned at all about yours. (See example in first and second paragraphs)

      Now, as far as Citrix is concerned. I would find it very unlikely that a company would have any interest in snooping around your personal documents. That being said, if they wanted to, they most likely could via some sort of script in the background. But if a company is doing that, then I think your tax documentation should be a drop in the bucket concerning the issues you might have.

      Granted, I have no idea what kind of business you work for. I also do not claim to have the answers to everything regarding VPN and/or Citrix; implementations are different everywhere.

      I've been present when admins have been going through our SAN and deleting hundreds of gigs of "Mexico Trip 2003.bmp" or "Rolling Stones.mp3". That's part of their job, and those things most definitely did not have any relevance to the company. I've been present when admins go through the Internet log seeing where Joe User goes every day, what streaming media outlets they're using to saturate our bandwidth. It's a part of their job. Their goal is to make sure users have what they need to do their job, be it storage space, or bandwidth. They may spend some time on this sort of thing, and I know it definitely rubs some people the wrong way. But beyond that, they're pretty much busy most of the time with one project or another. And the value of what might be found on a random client's computer probably isn't worth their time compared to other things they don't have the time to do.

      In the end, both of these can produce approximately the same amount of risk I would estimate.

      Give me access to a network via VPN or Citrix and I'd be able to mess it up in one way or another unless they're protected and locked down extremely well. It's exposure on either end either way you look at it. But what's more valuable to a company? You getting work done for them, or your little nephew's 1st birthday photos?
      RAWGRLRLRLRRLGLRL!!!

      Nations are like individuals: they achieve more when they plan to plant a tiny tree, and do it, than when they propose to raise an entire forest and then fall asleep in the furrows.

      I AM socializing artard, I'm logged on to an MMORPG with people from all over the world and getting XP with my party using Teamspeak



      • #4
        Re: Citrix question for work...

        Wow, super answers... I'm not really that concerned about them snooping, but it occurred to me it would be possible and I like to understand risks. (I am in part a risk consultant).

        I'm actually more interested in making a case for the roll-out of the VPN client currently available on company laptops to non-laptop users, because I selfishly feel it is a far more efficient working environment and they are limiting the number of Citrix licenses available corporately because of the cost impact.

        They have two versions of Citrix access set up. For FT remote users they have a desktop "mirror" style setup. For those that just work from home nights and weekends we have an "explorer" style interface allowing us to browse and copy files from the company network to our local drives. This is obviously a less than ideal situation for someone working with many files.

