1) Our IT department seem of the view that if citrix remote access gateawy requires 2 factor authentication then we are pretty secure? Whats your view on that opinion?
2) If you only publish citrix to the world, are there still other attack vectors on that citrix CAG gateway server that could allow a hacker to gain access to the LAN?
3) Is the view that 2-factor is all thats required very naive?
4) Can you give some examples of other vulns you could find on a citrix CAG server that could still allow an attacker to get unauthorised access to the LAN - and/or compensating cotnrols to block these additional attack vectors?