Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

CAG checklist

Posted on 2012-04-04
9
Medium Priority
?
452 Views
Last Modified: 2012-08-13
Are there any security benchmarks/checklists for citrix access gateway?
0
Comment
Question by:pma111
9 Comments
 
LVL 17

Accepted Solution

by:
Anuroopsundd earned 668 total points
ID: 37805995
0
 
LVL 3

Author Comment

by:pma111
ID: 37806063
Is it possible to have a CAG without SSL and without 2-factor? Or are they part of the package, i.e. part of the hardened appliance? I am struggling to see what vulnerabilities you could have with CAG, if any? Whats your view?
0
 
LVL 6

Assisted Solution

by:jvr006
jvr006 earned 668 total points
ID: 37806263
You can configure the CAG to use SSL without 2-factor authentication. I don't believe there is any way to get rid of the SSL part, besides not using the appliance.

Probably the least vulnerable way to deploy the appliance is to put it in the DMZ and have users authenticate at the CAG before gaining access to the web interface.

You have other options, such as using a CAG as basically a SSL proxy. The connection would proxy through the CAG device, but authentication would take place on the web interface.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 3

Author Comment

by:pma111
ID: 37806391
If you were doing a top level security/configuration audit of a CAG what would your top 5 checks be? ... Perhaps with some notes on the vuln of the issue if not secured/configured properly..
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37806449
Please go through the best practice document. this will help in knowing also what is best practice vs what is configured. this is what the auditor checks for
http://www.dabcc.com/thinsol/CSG/Docs/Best%20Practices%20for%20Securing%20a%20Citrix%20Secure%20Gateway%20Deployment.pdf
0
 
LVL 3

Author Comment

by:pma111
ID: 37809821
But thats for secure gateway, not CAG. They arent the same are they?
0
 
LVL 15

Assisted Solution

by:joharder
joharder earned 664 total points
ID: 37812043
Secure Gateway and Access Gateway are indeed two destinct mechanisms for controlling access to your environment.  Although both are SSL VPNs, Secure Gateway is limited in functionality as it only supports ICA/CGP (Session Reliability) traffic and nothing more.
0
 
LVL 3

Author Comment

by:pma111
ID: 37826544
So.... are there any audit/vulnerability checks that can be performed on access gateway? I find it hard to think theres non.
0
 
LVL 3

Author Comment

by:pma111
ID: 37870996
Thatll be a no then...
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

At the beginning of the year, the IT world was taken hostage by the shareholders of LogMeIn. Their free product, which had been free for ten years, all of the sudden became a "pay" product. Now, I am the first person who will say that software maker…
If your vDisk VHD file gets deleted from the image store accidentally or on purpose, you won't be able to remove the vDisk from the PVS console. There is a known workaround that is solid.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question