
It is a question I have had for some time which I have never received a solid answer on. It seems most infosec teams prefer to disable clipboard functionality on Citrix and other RDP setups. What is the real threat here, and does the threat actually outweigh the huge inconvenience of not being able to copy/paste text into the client? I am only talking about clipboard copying, not drive sharing (accessing a drive on the client computer).

Update:
In the current iteration, Citrix is being used for remote virtual desktop access to the company. So the Citrix client can be installed on any non-company-controlled PC. As far as I am aware the only regulation is SOX. I guess HIPAA for users with that access into the Lawson system.

unor
Brettski
  • Sorry for the lame tag, it is all that existed which seemed to fit (I cannot create tags yet). – Brettski Apr 02 '12 at 14:20
  • A quick Google shows no mention of this in hardening guides, and no well known vulnerability in the clipboard sharing mechanism, so my money is on Brad and D.W.'s answers. – Graham Hill Apr 02 '12 at 17:44

4 Answers


Depending on the configuration, there may be the ability to copy and paste to a local document. This could become a compliance issue depending on your industry. Say for example you deal with credit card numbers, social security numbers, etc. Someone could copy that data into an email or text file. It really depends on what kind of data you need to protect.

What is the specific industry? What is the proposed infrastructure structure and flow of work to be completed? Do you have to comply with HIPAA/HITECH, PCI, or any other types of compliance?

UPDATE: The best option might be to assign company assets that have security measures implemented on them (full disk encryption, USB ports disabled, logging and auditing enabled, block personal email and networking sites not needed in the HOSTS file, etc.). Not doing so could put information in the Lawson system at potential risk. Never underestimate the human element; plan and engineer for it.

UPDATE2: This should help you out. Check out http://support.citrix.com/proddocs/topic/xenapp5fp-w2k8/ps-admin-policy-rules.html which shows:

Prevent cut-and-paste data transfer between the server and the local clipboard: Resources > Other > Turn off clipboard mapping

and turn off clipboard mapping.

The only other thing is that you may also want to consider the ability to print screen as a possible security hole. To disable this through group policy check out http://www.sdmsoftware.com/group-policy-preferences/disabling-print-screen-through-group-policy/

Also I would disable USB ports as well just to be more safe and secure.

Brad
  • Brad, I think your answer is the closest. Upon further investigation it comes down to the ability to copy documents outside of the controlled business environment. I could open a sensitive document and copy and paste its contents around company controls. There would be no traceability. That, along with the fact that the Citrix access isn't multi-factor, makes it easier for someone to compromise the network and easily download many assets. – Brettski Apr 02 '12 at 18:42
  • If Citrix can be configured for one-way copying (you can copy from remote into Citrix, but not from Citrix out to remote) then this would ease or eliminate this concern, leaving only @D.W.'s concern. This would also reduce or eliminate the inconvenience to users, especially if the corporate assets they use are all accessed through Citrix. – Myrddin Emrys Apr 03 '12 at 00:12
  • @MyrddinEmrys, I can't argue with that. I will have to check with the Citrix admins to see if one way clipboard is an option. Didn't think such a thing could be possible. – Brettski Apr 04 '12 at 00:49
  • Found this blog post on setting up one-way clipboard (client to host). http://blogs.citrix.com/2009/10/23/how-awesome-is-hdx-part-3-of-3-secure-clipboard-control/ – Brettski Apr 04 '12 at 21:44
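As an added example for the "other RDP setups" part of the question (not from any of the answers above), this PowerShell script audits whether clipboard redirection is disabled on a Windows RDP host. The Citrix policy in the answer is set in Citrix's own policy console; the plain RDP equivalent is the Group Policy setting "Do not allow Clipboard redirection", which writes the registry value fDisableClip = 1. The function name is mine.

```powershell
# Added example: audit clipboard redirection on a Windows RDP host.
# fDisableClip = 1 means the clipboard is NOT shared with the client.
function Test-RdpClipboardDisabled {
    [CmdletBinding()]
    param()

    # Two places the value can live: the Group Policy location, and the
    # per-listener default for the RDP-Tcp listener.
    $policyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $listenerPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

    $results = foreach ($path in @($policyPath, $listenerPath)) {
        $value = (Get-ItemProperty -Path $path -Name 'fDisableClip' -ErrorAction SilentlyContinue).fDisableClip
        [pscustomobject]@{
            Path     = $path
            Value    = $value            # $null when the value is absent
            Disabled = ($value -eq 1)
        }
    }

    # A policy value, when present, overrides the listener setting, so the
    # effective state is the policy value if it exists, else the listener value.
    $policy   = $results[0]
    $listener = $results[1]
    $effective = if ($null -ne $policy.Value) { $policy.Disabled } else { $listener.Disabled }

    $results | Format-Table -AutoSize | Out-Host
    if ($effective) {
        Write-Host 'Clipboard redirection is disabled for RDP sessions.'
    } else {
        Write-Warning 'Clipboard redirection is ENABLED: remote clipboard contents can reach the client.'
    }
    return $effective
}

Test-RdpClipboardDisabled
```

Run it in an elevated session on the RDP host; it returns $true when the effective setting blocks clipboard redirection and $false otherwise, so it can be dropped into a compliance check.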

I think the previous answers are correct but should be presented in a different light... let me explain.

If you give the user access to view some piece of information, no technological safeguard will prevent them from funneling the data out. For example, I could Citrix into a machine with Cardholder Data and simply write it down on a piece of paper. Please remember that the only safeguard to protecting data that is viewable by employees is internal policy...

Does that mean that enabling/disabling the clipboard sharing doesn't matter? No! Think of this scenario: I am a user with malware on my machine that monitors my local clipboard for secure data. I Citrix into your environment and copy some Credit Card numbers for completely legitimate purposes. If remote clipboard is enabled these numbers will be passed to my local machine and stolen by the malware.

So to summarize, data leakage is possible by enabling the clipboard syncing, but it should not be evaluated from the standpoint of an internal compromise. This is moot once the user has view privileges. It should be evaluated from the standpoint of allowing secure data to enter insecure systems where it could be compromised without user interaction.

Chris Frazier
  • Although most security precautions could be thwarted by physical access, from an I.T. standpoint you should be covered with written policies in place, no cell phones, USB access disabled, etc. Although it still wouldn't stop someone with a pen and paper from writing something down, cameras could be added to increase paranoia to decrease risk. The biggest deterrent from an employee ripping you off is to treat them fairly and pay them an honest wage with good benefits, then just try to screen out the crazies during hiring. – Brad Apr 03 '12 at 18:50
  • One statistic that I read somewhere was that 70% of employees will steal if they feel that they are not being treated fairly and the opportunity were to arise. Boosting pay, benefits and recognition can decrease this to 20-30% or below. Point being, REDUCE the statistics by not abusing and exploiting the workforce. – Brad Apr 03 '12 at 18:53

I think the main threat is that if you use copy-paste on your local system to copy between two local applications, the remote desktop can spy on the content that has been copy-pasted. (And similarly, if you use copy-paste on the remote desktop to copy between two local applications, a local application can spy on the content that has been copy-pasted.) I have not verified this, though, and it's a bit outside of my usual area of expertise, so I could easily be missing something important.

D.W.

I understand the clipboard issue and agree with it due to the malware factor. With smart phones, taking a picture of the screen totally eliminates the content security. I use my phone to capture errors etc. I have also remoted to a machine, and then, using the IP of my local machine, just copied it from the server back to my machine (\\IPAddress\c$ to the folder I want to copy it to). If file transfer ports are blocked, this won't work. sammie..

sammie