Citrix 客户端驱动器映射对于外部客户端来说是一个坏主意吗?
我们正在为外部合作伙伴的同事建立一个 Citrix 解决方案,以访问我们组织中的应用程序。问题是从安全角度来看允许 Citrix 客户端驱动器映射是否是一个坏主意? 有人知道任何最佳实践吗?
我们无法控制客户端连接位置或其网络的状态(例如防病毒软件)。
We are setting up a citrix solution for co-workers from an external partner to access applications in our organisation. The question is if it's a bad idea to allow Citrix Client Drive mapping from a security perspective?
Does anyone know of any best practices?
We have no control over the state(of for example antivirus software) of the clients from where they connect or their network.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这可能是 Citrix 论坛的问题,但这是我的 2 美分:
使用 Citrix XenApp,您可以精细地控制客户端(用户所在的位置)和服务器(执行应用程序和存储数据的位置)之间的数据交换级别)你想允许。一个极端是禁用所有形式的交换,包括剪贴板。在这种情况下,用户从服务器复制数据的唯一方法是通过屏幕截图。
另一个极端是允许一切,包括剪贴板和客户端驱动器映射。在这种情况下,您可以通过剪贴板和文件系统来回复制数据。
没有最佳实践,您需要定义所需的安全级别并采取相应的行动。但要注意:也要考虑用户,不要对他们进行不必要的限制。
This is probably a question for the Citrix forums, but here are my 2 cents:
With Citrix XenApp you can granularly control which level of data exchange between the client (where the user sits) and the server (where applications are executed and data is stored) you want to allow. One extreme is to disable every form of exchange, including the clipboard. In such a scenario the only way users can copy data from the server is via screenshots.
The other extreme is to allow everything including clipboard and client drive mapping. In that case you can copy data to and fro, both via the clipboard and via the file system.
There is no best practice, you need to define which level of security you want and act accordingly. But beware: think of the users, too, and do not restrict them unnecessarily.