Solved

CAG vuln assessment/audit

Posted on 2012-04-12
3
1,305 Views
Last Modified: 2012-04-13
Our management are keen to engage a 3rd party to assess our citrix access gateway for security flaws/misconfigurations/best practice from the outside (the internet). My understanding is citrix access gateway uses 2-factor in this instance, SSL and is a very hardened linux appliance and server. Therefore, the question remains, from the outside, what kind of issues are there that could be tested for? Could you provide a top 5 areas youd review on a citrix access gateway (not secure access gateway) if you were tasked with such an audit. I dont want to go back to management and say "theres nothing to check with CAG from the outside" unless I know thats true.
0
Comment
Question by:pma111
  • 2
3 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 37841291
SSL is no security protecten for your server, it just protects the traffic on transit from client to server, nothing more, nothing less
said this, your (citrix) web server is subject to all web application threats, vulnerabilities and exploits
if you're unsure what this might be, start reading OWASP Top 10:
  https://www.owasp.org/index.php/Top_10_2010
0
 
LVL 3

Author Comment

by:pma111
ID: 37841413
Isnt the citrix access gateway though that locked down (different from secure access gateway) that if theres a flaw in the citrix login page its citrix responsibility to release a patch not the company who bought the solution? So if its fully patched thats as far as you can go. We basically get: http://cdn.ws.citrix.com/wp-content/uploads/2008/09/1.jpg And the rest of the appliance is locked down afaik.http://www.citrix.com/English/ps2/products/product.asp?contentID=15005
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37841547
> ... if theres a flaw in the citrix login page its citrix responsibility  ..
I'd expect it that way in a trustworthy world, but check your contracts ...
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Virus On motherboard 6 64
Outlook 2010 Security Alert when opening Outlook 4 59
fb messenger security and privacy 15 57
User account lockout - Server 2012R2 7 27
The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques. This attack comes as a nightmare trifecta for email filtering services; sent from a familiar contact, using authentic tone and verbi…
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question