Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 458
  • Last Modified:

CAG checklist

Are there any security benchmarks/checklists for citrix access gateway?
0
pma111
Asked:
pma111
3 Solutions
 
pma111Author Commented:
Is it possible to have a CAG without SSL and without 2-factor? Or are they part of the package, i.e. part of the hardened appliance? I am struggling to see what vulnerabilities you could have with CAG, if any? Whats your view?
0
 
jvr006Commented:
You can configure the CAG to use SSL without 2-factor authentication. I don't believe there is any way to get rid of the SSL part, besides not using the appliance.

Probably the least vulnerable way to deploy the appliance is to put it in the DMZ and have users authenticate at the CAG before gaining access to the web interface.

You have other options, such as using a CAG as basically a SSL proxy. The connection would proxy through the CAG device, but authentication would take place on the web interface.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
pma111Author Commented:
If you were doing a top level security/configuration audit of a CAG what would your top 5 checks be? ... Perhaps with some notes on the vuln of the issue if not secured/configured properly..
0
 
AnuroopsunddCommented:
Please go through the best practice document. this will help in knowing also what is best practice vs what is configured. this is what the auditor checks for
http://www.dabcc.com/thinsol/CSG/Docs/Best%20Practices%20for%20Securing%20a%20Citrix%20Secure%20Gateway%20Deployment.pdf
0
 
pma111Author Commented:
But thats for secure gateway, not CAG. They arent the same are they?
0
 
joharderCommented:
Secure Gateway and Access Gateway are indeed two destinct mechanisms for controlling access to your environment.  Although both are SSL VPNs, Secure Gateway is limited in functionality as it only supports ICA/CGP (Session Reliability) traffic and nothing more.
0
 
pma111Author Commented:
So.... are there any audit/vulnerability checks that can be performed on access gateway? I find it hard to think theres non.
0
 
pma111Author Commented:
Thatll be a no then...
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now