I think the default configuration is to prevent execution of any application that resides on the client drive. The file (.exe, .bat, .cmd) would have to be copied to a network drive first and then executed. Once it's on the network drive, your AV will catch anything malicious.
If security is a primary concern, you could implement an Access Gateway and configure SmartAccess. For those client machines that comply with your security standards (pass the endpoint scan), leave client drives enabled. If the client fails the security scan, disable client drives. This is done using Citrix Policies and Access Gateway filters.
On Wed, Jun 17, 2009 at 9:24 AM, Hamilton, Ronnie <ronnie.hamilton@ltai.ie> wrote:
Hi
Having a bit of a debate here at the moment on the risks of an unmanaged laptop going off site were the user wants to be able to transfer files to the local drive from a network drive and back.
With our infrastructure I don't have NAC or anything like that.
What are the risks if a user can copy files back and forward.
I know that when they copy to a network drive our internal AntiVirus will kick in.
what I'm not sure about is there any other way to infect the network when this option is enabled.
thanks
Ronnie
Visit our website : www.ltai.ie
__________________________________________
Lufthansa Technik Airmotive Ireland Limited. Registered in Ireland. Reg. No. 45999. Registered Office: Naas Road, Rathcoole, Co.Dublin.
Lufthansa Technik Airmotive Ireland Leasing Limited. Registered in Ireland. Reg. No. 140891. Registered Office: Naas Road, Rathcoole, Co.Dublin.
__________________________________________
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please advise by return email and delete all copies of the message.
--
Kevin G. Stewart
No comments:
Post a Comment