CAG checklist

Are there any security benchmarks/checklists for citrix access gateway?
LVL 4
pma111Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pma111Author Commented:
Is it possible to have a CAG without SSL and without 2-factor? Or are they part of the package, i.e. part of the hardened appliance? I am struggling to see what vulnerabilities you could have with CAG, if any? Whats your view?
jvr006Commented:
You can configure the CAG to use SSL without 2-factor authentication. I don't believe there is any way to get rid of the SSL part, besides not using the appliance.

Probably the least vulnerable way to deploy the appliance is to put it in the DMZ and have users authenticate at the CAG before gaining access to the web interface.

You have other options, such as using a CAG as basically a SSL proxy. The connection would proxy through the CAG device, but authentication would take place on the web interface.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

pma111Author Commented:
If you were doing a top level security/configuration audit of a CAG what would your top 5 checks be? ... Perhaps with some notes on the vuln of the issue if not secured/configured properly..
AnuroopsunddCommented:
Please go through the best practice document. this will help in knowing also what is best practice vs what is configured. this is what the auditor checks for
http://www.dabcc.com/thinsol/CSG/Docs/Best%20Practices%20for%20Securing%20a%20Citrix%20Secure%20Gateway%20Deployment.pdf
pma111Author Commented:
But thats for secure gateway, not CAG. They arent the same are they?
joharderCommented:
Secure Gateway and Access Gateway are indeed two destinct mechanisms for controlling access to your environment.  Although both are SSL VPNs, Secure Gateway is limited in functionality as it only supports ICA/CGP (Session Reliability) traffic and nothing more.
pma111Author Commented:
So.... are there any audit/vulnerability checks that can be performed on access gateway? I find it hard to think theres non.
pma111Author Commented:
Thatll be a no then...
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Remote Access

From novice to tech pro — start learning today.