Hi,
I recently came across a unique security architecture in an insurance firm I am dealing with. They put a Citrix/TS farm in their DMZ, hosting only IE, and closed outbound ports 80/443.
This way, internal users can *not* access the web, unless they use the TS, which is easier to manage, easier to secure, and sits in the DMZ - without access to the internal network. The additional benefit is that the internal network is, in a way, separate/disconnected from the Internet - with all the security benefits associated with that.
Has anyone seen this elsewhere? What do you think of this approach to solving the browsing security-related problems?
Rot