Solved

CAG checklist

Posted on 2012-04-04
9
446 Views
Last Modified: 2012-08-13
Are there any security benchmarks/checklists for citrix access gateway?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 17

Accepted Solution

by:
Anuroopsundd earned 167 total points
ID: 37805995
0
 
LVL 3

Author Comment

by:pma111
ID: 37806063
Is it possible to have a CAG without SSL and without 2-factor? Or are they part of the package, i.e. part of the hardened appliance? I am struggling to see what vulnerabilities you could have with CAG, if any? Whats your view?
0
 
LVL 6

Assisted Solution

by:jvr006
jvr006 earned 167 total points
ID: 37806263
You can configure the CAG to use SSL without 2-factor authentication. I don't believe there is any way to get rid of the SSL part, besides not using the appliance.

Probably the least vulnerable way to deploy the appliance is to put it in the DMZ and have users authenticate at the CAG before gaining access to the web interface.

You have other options, such as using a CAG as basically a SSL proxy. The connection would proxy through the CAG device, but authentication would take place on the web interface.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Author Comment

by:pma111
ID: 37806391
If you were doing a top level security/configuration audit of a CAG what would your top 5 checks be? ... Perhaps with some notes on the vuln of the issue if not secured/configured properly..
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37806449
Please go through the best practice document. this will help in knowing also what is best practice vs what is configured. this is what the auditor checks for
http://www.dabcc.com/thinsol/CSG/Docs/Best%20Practices%20for%20Securing%20a%20Citrix%20Secure%20Gateway%20Deployment.pdf
0
 
LVL 3

Author Comment

by:pma111
ID: 37809821
But thats for secure gateway, not CAG. They arent the same are they?
0
 
LVL 15

Assisted Solution

by:joharder
joharder earned 166 total points
ID: 37812043
Secure Gateway and Access Gateway are indeed two destinct mechanisms for controlling access to your environment.  Although both are SSL VPNs, Secure Gateway is limited in functionality as it only supports ICA/CGP (Session Reliability) traffic and nothing more.
0
 
LVL 3

Author Comment

by:pma111
ID: 37826544
So.... are there any audit/vulnerability checks that can be performed on access gateway? I find it hard to think theres non.
0
 
LVL 3

Author Comment

by:pma111
ID: 37870996
Thatll be a no then...
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Policies #XenDesktop #VDI #POC #Citrix Univeral Printer Driver #Citrix UPD
Citrix XenDesktop 7.6 Citrix Policies Graphics
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question