Best way to secure nFuse.

Status
Not open for further replies.

HyungKwon

IS-IT--Management
Sep 24, 2002
2
US
I have recently installed nFuse to one of our webservers on the DMZ. I am currently testing by using the basic encryption. All of the functionalities and most importantly the applications are working fine. Before I go live I will need to implement a secure portal. I have performed a search on this site to get more info on Citrix Secure Gateway. I unfortunately cannot find the answers to my question.

My question: Is this the strongest line of defense for nFuse? I can't say money is not an issue but leaving the system for an attack is definitely NOT an option. Are there any other packages out on the market that will provide more security?

Thanks,

Hyung Kwon.
 
First thing I would do is use SSL (port 443) instead of port 80 to have that security. Next do not use anonymous logons but use NT logons. Basic encryption will do if you do not have too much company data transferring over the internet.
 
Citrix Secure Gateway is an easily configurable solution to provide SSL/TLS traversal from client to server. It is comprised of a CSG server and a secure ticket authority--this can be on a mfserver or standalone, your choice.

Whether you are your own ticket authority or not, you configure the CSG and STA with the certificates and the client will download the root certificate.

You can additionally put the NFuse on port 444 since it cannot share with IIS and configure SSL on the Citrix servers, but that is a pain and I'd rather do it one time instead of a bunch.

The way I have my setup to ensure security is a PIX, then a Citrix Secure Gateway, then NFuse (these are in a DMZ), then another PIX that maps into my internal network... where my DC and MF server farms reside.

128 bit encryption is 128 bit encryption... you'll have that, plus have it all going through an SSL port and most likely a firewall. Hell, use an RSA token just to add that into the mix!

Seriously, firewall+CSG+128bit=secure
 
Thanks for the advice guys. I have a firewall installed and configured and will be purchasing a certificate from Verisign.com. Kinda OT but can anyone offer up any advice on Verisign? I'm not a big fan of RSA but I'm sure there are other companies out there.

Hyung Kwon
 
Hyung Kwon, if you're really serious about security, I'd suggest installing NFuse on Apache instead of IIS. IIS != Secure, ever. *If* you do use NFuse on IIS make sure you use Microsoft's Lockdown tool and are always up to date. Also make sure you require NTLM authentication to the web root. That way people cannot poke around your directory structures. Once again... look into Apache....
 