Solved

CAG checklist

Posted on 2012-04-04
9
426 Views
Last Modified: 2012-08-13
Are there any security benchmarks/checklists for citrix access gateway?
0
Comment
Question by:pma111
9 Comments
 
LVL 17

Accepted Solution

by:
Anuroopsundd earned 167 total points
Comment Utility
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
Is it possible to have a CAG without SSL and without 2-factor? Or are they part of the package, i.e. part of the hardened appliance? I am struggling to see what vulnerabilities you could have with CAG, if any? Whats your view?
0
 
LVL 6

Assisted Solution

by:jvr006
jvr006 earned 167 total points
Comment Utility
You can configure the CAG to use SSL without 2-factor authentication. I don't believe there is any way to get rid of the SSL part, besides not using the appliance.

Probably the least vulnerable way to deploy the appliance is to put it in the DMZ and have users authenticate at the CAG before gaining access to the web interface.

You have other options, such as using a CAG as basically a SSL proxy. The connection would proxy through the CAG device, but authentication would take place on the web interface.
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
If you were doing a top level security/configuration audit of a CAG what would your top 5 checks be? ... Perhaps with some notes on the vuln of the issue if not secured/configured properly..
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 17

Expert Comment

by:Anuroopsundd
Comment Utility
Please go through the best practice document. this will help in knowing also what is best practice vs what is configured. this is what the auditor checks for
http://www.dabcc.com/thinsol/CSG/Docs/Best%20Practices%20for%20Securing%20a%20Citrix%20Secure%20Gateway%20Deployment.pdf
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
But thats for secure gateway, not CAG. They arent the same are they?
0
 
LVL 15

Assisted Solution

by:joharder
joharder earned 166 total points
Comment Utility
Secure Gateway and Access Gateway are indeed two destinct mechanisms for controlling access to your environment.  Although both are SSL VPNs, Secure Gateway is limited in functionality as it only supports ICA/CGP (Session Reliability) traffic and nothing more.
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
So.... are there any audit/vulnerability checks that can be performed on access gateway? I find it hard to think theres non.
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
Thatll be a no then...
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Citrix XenDesktop 7.6 Citrix Policies Audio
#Citrix #XenApp #Citrix Scout #Citrix Insight Services #Microsoft VMMAP #Microsoft ADEXPLORE #Microsoft RAMMAP #Microsoft TCPVIEW #Microsoft AUTORUNS #Microsoft PROCESS EXPLORER #Microsoft PROCESS MONITOR
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now