• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1337
  • Last Modified:

CAG vuln assessment/audit

Our management are keen to engage a 3rd party to assess our citrix access gateway for security flaws/misconfigurations/best practice from the outside (the internet). My understanding is citrix access gateway uses 2-factor in this instance, SSL and is a very hardened linux appliance and server. Therefore, the question remains, from the outside, what kind of issues are there that could be tested for? Could you provide a top 5 areas youd review on a citrix access gateway (not secure access gateway) if you were tasked with such an audit. I dont want to go back to management and say "theres nothing to check with CAG from the outside" unless I know thats true.
0
pma111
Asked:
pma111
  • 2
1 Solution
 
ahoffmannCommented:
SSL is no security protecten for your server, it just protects the traffic on transit from client to server, nothing more, nothing less
said this, your (citrix) web server is subject to all web application threats, vulnerabilities and exploits
if you're unsure what this might be, start reading OWASP Top 10:
  https://www.owasp.org/index.php/Top_10_2010
0
 
pma111Author Commented:
Isnt the citrix access gateway though that locked down (different from secure access gateway) that if theres a flaw in the citrix login page its citrix responsibility to release a patch not the company who bought the solution? So if its fully patched thats as far as you can go. We basically get: http://cdn.ws.citrix.com/wp-content/uploads/2008/09/1.jpg And the rest of the appliance is locked down afaik.http://www.citrix.com/English/ps2/products/product.asp?contentID=15005
0
 
ahoffmannCommented:
> ... if theres a flaw in the citrix login page its citrix responsibility  ..
I'd expect it that way in a trustworthy world, but check your contracts ...
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now