Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations MikeeOK on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ica web security

Status
Not open for further replies.
mlowe9

mlowe9

Programmer
Apr 3, 2002
221
US
We have some sensitive applications that run via ica file over the internet.

The user must download and install the WinFrame plugin, then run the ica file from a link. The link is on a secure page (SSL 128-bit), but I was wondering if the Citrix session that runs over this connection is also secure.

Thanks everyone.
 
Sort by date Sort by votes
Depends on the citrix and client version. Winframe is a bit outdated. (so outdated, that i never worked with it).
As from Metaframe 1.8 citrix introduced the secure add-in (not 100% sure what's it called) on the serverside, and the so called "secured clients" for the clientside who were capable of running RSA 40 to 128 bits encryption on a session. As from Citrix XP, this feature is completely built in by default. These types of security, are for protection agains sniffing from the outside.
For futher security (take the man in the middle), citrix introduced Citrix Secure Gateway.

So to answer your question more exact, you need to provide more information on the setup you use.

Free citrixprinting support
 
Upvote 0 Downvote
We are on Citrix XP on W2K Servers. Since I posted this, I have found a line to add to our .ica files:

EncryptionLevelSession=EncRC5-128

Then when I run the .ica file from a browser, the Connection Status reads, Encryption Level: EncRC5-128.

Is this the same as saying it's running 128-bit encryption? Is there any way to verify that it is?

 
Upvote 0 Downvote
Is this the same as saying it's running 128-bit encryption? Is there any way to verify that it is?

At that moment, you're running it over the pattented RSA 128 bits protocol, built into citrix. That is the highest level of encryption, that you can get from citrix.
Security experts will not accept that method, since it does not involve actual certificates, thus not making it acceptable for them. If you want to work with 100% security, that can easily pass a security audit, then the only thing left, is using Citrix Secure Gateway, which requires a 128 bits SSL certificate, to use for a session.
That setup will have no problems with security auditors.

Free citrixprinting support
 
Upvote 0 Downvote
Thank you for your advice. It is appreciated.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

sodax
  • Locked
  • Question
Redirect PORT COM on ICA CLIENTS
Replies
2
Views
294
sodax
sodax
furnitus
  • Locked
  • Question
ICA ActiveX Client
Replies
0
Views
232
furnitus
furnitus
adrianday
  • Locked
  • Question
ICA Connection
Replies
0
Views
157
adrianday
adrianday
Scuba27
  • Locked
  • Question
Published Applications Not Appearing in Citrix ICA Client
Replies
0
Views
210
Scuba27
Scuba27
rojariggs
  • Locked
  • Question
Xenapp & Metaframe together on web interface
Replies
2
Views
274
rojariggs
rojariggs

Part and Inventory Search

Sponsor

Back
Top