Wednesday, June 17, 2009

[THIN] Re: Risks involved enabling client mapping

I'd also recommend file and folder level auditing in places where users are allowed to drop content. You'd then know exactly who put what and when if something malicious made its way onto your server. Nothing is safer than fear of reprisal.
 
Kevin

On Wed, Jun 17, 2009 at 10:31 AM, Carl Stalhood <cstalhood@gmail.com> wrote:
I think the default configuration is to prevent execution of any application that resides on the client drive. The file (.exe, .bat, .cmd) would have to be copied to a network drive first and then executed. Once it's on the network drive, your AV will catch anything malicious.

If security is a primary concern, you could implement an Access Gateway and configure SmartAccess. For those client machines that comply with your security standards (pass the endpoint scan), leave client drives enabled. If the client fails the security scan, disable client drives. This is done using Citrix Policies and Access Gateway filters.




On Wed, Jun 17, 2009 at 9:24 AM, Hamilton, Ronnie <ronnie.hamilton@ltai.ie> wrote:

Hi

Having a bit of a debate here at the moment on the risks of an unmanaged laptop going off site were the user wants to be able to transfer files to the local drive from a network drive and back.

With our infrastructure I don't have NAC or anything like that.

What are the risks if a user can copy files back and forward.

I know that when they copy to a network drive our internal AntiVirus will kick in.

what I'm not sure about is there any other way to infect the network when this option is enabled.

thanks

Ronnie

Visit our website : www.ltai.ie

__________________________________________

Lufthansa Technik Airmotive Ireland Limited. Registered in Ireland. Reg. No. 45999. Registered Office: Naas Road, Rathcoole, Co.Dublin.

Lufthansa Technik Airmotive Ireland Leasing Limited. Registered in Ireland. Reg. No. 140891. Registered Office: Naas Road, Rathcoole, Co.Dublin.

__________________________________________

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please advise by return email and delete all copies of the message.

 





--
Kevin G. Stewart

No comments: