Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Citrix, inadvertant security issue?

Posted on 2011-03-14
3
Medium Priority
?
272 Views
Last Modified: 2012-05-11
If your users use Citrix Secure Access Gateway, am I correct in thinking all they need to do is essentially use a web browser, visit a specific URL and then they will view the company’s servers and desktop session in a browser window? Is there any specific minimum requirements needed on machines that are to use the CAG?

Also, as it is a real benefit to have such a remote access solution in place, do you still have remote working policies? Am I correct in thinking if someone accesses CAG from an un-trusted machine it could have a key logger on it that could be slurping up your user’s domain credentials? How do you deal with this? Do you have approved machines they can use to access CAG or no policy? What about user’s home/personal machines? They could to have a key logger on them? Its one thing having a handy remote access solution but the last thing you want is for this to be a loophole for someone to harvest a companies domain credentials (keys to the doors as we call them).
0
Comment
Question by:pma111
  • 2
3 Comments
 
LVL 6

Accepted Solution

by:
jvr006 earned 500 total points
ID: 35129144
You have the ability to setup access control with access gateway. It is a different depending on whether you are using standard or enterprise. Take a look at the link below to get an idea of what you can do.

http://support.citrix.com/proddocs/index.jsp?topic=/access-gateway-50-access-controller/ag-cac-policies-access-strategy-con.html



0
 
LVL 3

Author Comment

by:pma111
ID: 35129488
Thanks for the link, how does Citrix know what device you are actually connecting with, or is this done on a trust basis, i.e. if user says they are using a corporate device then thats what they are using? Or can citrix diffrentiate between a corproate device and someones home PC or a PC they use in their local coffee shop etc?
0
 
LVL 6

Expert Comment

by:jvr006
ID: 35129918
I believe the process is that when you access the web interface, an active-x control will be downloaded that runs an endpoint analysis. You can control access to applications, or in your case, control login screen visibility. You can scan for domain membersip.. I don't know if there is an exact way to determine location though. The endpoint analysis is more about endpint trust then location.

http://support.citrix.com/proddocs/index.jsp?topic=/access-gateway-50-access-controller/ag-cac-endpoint-analysis-scans-creating-tsk.html
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is about my experience upgrading my consulting machine to Windows 10 Version 1709 (The Fall 2017 Creator Update)
The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question