An interesting article by Robert Jaques at vnunet called "Poor Citrix set-ups leave firm vulnerable" claims that if you do a basic installation of Citrix Presentation Server without any special knowledge, you leave your system vulnerable to security breaches such as one user being able to access another user's data and private files. This article was written based on a report from a company called Global Secure Systems. I haven't been able to see the actual report--I think it's something you have to pay for--but the report's author claims that "Even in the most locked-down environment, five high-risk vulnerabilities were discovered."
What do you think? How secure is the base install of Citrix Presentation Server? (Or plain Terminal Server or Provision Networks / Quest Software's Virtual Access Suite.) Are there any "little things" you can do to make a system more secure?
Speaking personally, one of the best ideas I've heard was to remove users' "execute" permissions from everywhere except for the important system locations like the Windows and Program Files directories. If you remote the execute permissions from Temp, Temporary Internet Files, the Outlook attachment folder, and the users' home drives, that single act should prevent a lot of bad stuff from happening.
What else should we think about?