AppSense Preventing the Double Hop in Citrix XenApp and XenDesktop
For many organisations Citrix XenApp and XenDesktop provides a secure way of deploying applications to third parties, remote support staff and contractors.
Typical use cases can enable these users to connect to a Citrix-delivered application or desktop and allow them to access applications, maintain systems, provide remote assistance and or update network infrastructures.
Whilst this enables such users “local” access to resources to perform their task, this level of access introduces other security and access concerns for the Citrix and Security teams.
When deploying desktops to these remote users, the desktop being presented can become a “launch pad” to other network resources, servers, and websites that IT may not want users to access. For some remote users IT may need to provide applications such as telnet, MSTSC.exe and Internet Explorer. Whilst these tools and applications allow the remote user to have access to certain IP addresses and systems to do their job, they can use those tools and applications to access other back end systems to which they should not have access. To block unauthorized access, IT needs to ensure that a remote user who is presented with a Citrix desktop is not able to logon to another desktop or Citrix farm—a “double hop”.
Read the entire article here, Preventing the Double Hop in Citrix XenApp and XenDesktop
via the fine folks at AppSense.