Hello all.

I work for a Canadian company, I just started, I am an IT specialist. The company has just outsource to a firm that provides a Citrix environment on top of our windows 2k network. Do not ask me why the company I work for has done this, it pisses me off, the firm provides email and some apps like the office suite. I am concerned because they allow access into the citrix network to our 100+ users from home. Home users can now access there email and files via the web. My problem here is what if a "not so nice person" breaks into a users home system and installs a trojan\keystroke logger and grabs there user/password for the citrix environment??? There goes my network security! I need to get as much research on this as possible to present it to the company I work for. I know the company that provides the cirtix tracks the ips of the remote users, but how easy would it be for the malicous person to hide there ident??? Please advise!!!