Certification Country: UNITED KINGDOM (2005)
Certification Method: CC
Crypt Evaluation: Completed
Manufacturer/Vendor/Distributor: Citrix Systems Inc
Citrix Systems Inc
Phone: +61 (2) 6299 9160 or +61 (4) 0114 7287
Email: [email protected]
Citrix Presentation Server 4.0 provides users with secure network access to applications and information. This access can be from a range of devices over any network connection including Local Area Networks, Wide Area Networks, dial-up or wireless connections, or the internet.
The evaluation configuration consisted of:
- Citrix Presentation Server 4.0 for Windows, including the STA software, which includes the platforms on which the applications reside;
- Citrix Web Interface 4.0;
- Citrix Secure Gateway 3.0; and
- Citrix ICA Client Version 9.0, which gives users access to the applications.
The specific security functions provided by the TOE are:
- User Authentication: the user authenticates to the Citrix Presentation Server by either (a) identity and password or (b) smartcard and smartcard PIN.
- User Access: authorised users have access to their set of permitted published applications only.
- Membership of user’s permitted application set: the administrator publishes and sets access permissions for applications.
- Inter-Component Encryption: all data transmitted between client and server components is encrypted using the TLS protocol. The encryption applied is RSA with the 3DES, EDE, CBC cipher algorithm and SHA hash algorithm.
- Secure authentication mechanism: The TLS mechanism ensures that client components are able to authenticate to server components.
- Availability of permitted published applications: Following authentication, authorised users are provided with access to all of their permitted published applications.
- Cut and Paste: When the function is enabled by the authorised administrator, users may cut, copy and paste information between a published application and a Windows clipboard on the client. Only global enable/disable was evaluated.
- Client Drive Mapping: When the function is enabled by the authorised administrator; a permitted published application may access the local drives on the client machine. Only global enable/disable was evaluated.