Solved

Citrix, inadvertant security issue?

Posted on 2011-03-14
3
258 Views
Last Modified: 2012-05-11
If your users use Citrix Secure Access Gateway, am I correct in thinking all they need to do is essentially use a web browser, visit a specific URL and then they will view the company’s servers and desktop session in a browser window? Is there any specific minimum requirements needed on machines that are to use the CAG?

Also, as it is a real benefit to have such a remote access solution in place, do you still have remote working policies? Am I correct in thinking if someone accesses CAG from an un-trusted machine it could have a key logger on it that could be slurping up your user’s domain credentials? How do you deal with this? Do you have approved machines they can use to access CAG or no policy? What about user’s home/personal machines? They could to have a key logger on them? Its one thing having a handy remote access solution but the last thing you want is for this to be a loophole for someone to harvest a companies domain credentials (keys to the doors as we call them).
0
Comment
Question by:pma111
  • 2
3 Comments
 
LVL 6

Accepted Solution

by:
jvr006 earned 125 total points
ID: 35129144
You have the ability to setup access control with access gateway. It is a different depending on whether you are using standard or enterprise. Take a look at the link below to get an idea of what you can do.

http://support.citrix.com/proddocs/index.jsp?topic=/access-gateway-50-access-controller/ag-cac-policies-access-strategy-con.html



0
 
LVL 3

Author Comment

by:pma111
ID: 35129488
Thanks for the link, how does Citrix know what device you are actually connecting with, or is this done on a trust basis, i.e. if user says they are using a corporate device then thats what they are using? Or can citrix diffrentiate between a corproate device and someones home PC or a PC they use in their local coffee shop etc?
0
 
LVL 6

Expert Comment

by:jvr006
ID: 35129918
I believe the process is that when you access the web interface, an active-x control will be downloaded that runs an endpoint analysis. You can control access to applications, or in your case, control login screen visibility. You can scan for domain membersip.. I don't know if there is an exact way to determine location though. The endpoint analysis is more about endpint trust then location.

http://support.citrix.com/proddocs/index.jsp?topic=/access-gateway-50-access-controller/ag-cac-endpoint-analysis-scans-creating-tsk.html
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Gmail Account risks 4 90
Auto Smartport macro for Dell and HP laptops 2 72
CSS: Making Pure CSS read more boxes thinner 5 31
sql server service accounts 4 26
Pop culture is prime bait for hackers seeking to infect user’s computers and mobile devices with malicious malware. Hackers know exactly what the latest trends are online and know how to use them to their advantage.
As technology users and professionals, we’re always learning. Our universal interest in advancing our knowledge of the trade is unmatched by most industries. It’s a curiosity that makes sense, given the climate of change. Within that, there lies a…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question