Solved

CAG vuln assessment/audit

Posted on 2012-04-12
Last Modified: 2012-04-13
Our management are keen to engage a 3rd party to assess our Citrix Access Gateway for security flaws/misconfigurations/best practice from the outside (the internet). My understanding is Citrix Access Gateway uses 2-factor in this instance, SSL and is a very hardened Linux appliance and server. Therefore, the question remains, from the outside, what kind of issues are there that could be tested for? Could you provide a top 5 areas you'd review on a Citrix Access Gateway (not Secure Access Gateway) if you were tasked with such an audit? I don't want to go back to management and say "there's nothing to check with CAG from the outside" unless I know that's true.
Question by:pma111
3 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 2000 total points
ID: 37841291
SSL is no security protection for your server; it just protects the traffic in transit from client to server, nothing more, nothing less.
That said, your (Citrix) web server is subject to all web application threats, vulnerabilities and exploits.
If you're unsure what this might be, start reading OWASP Top 10:
  https://www.owasp.org/index.php/Top_10_2010
0
 
LVL 3

Author Comment

by:pma111
ID: 37841413
Isn't the Citrix Access Gateway, though, that locked down (different from Secure Access Gateway) that if there's a flaw in the Citrix login page it's Citrix's responsibility to release a patch, not the company who bought the solution? So if it's fully patched that's as far as you can go. We basically get: http://cdn.ws.citrix.com/wp-content/uploads/2008/09/1.jpg And the rest of the appliance is locked down afaik. http://www.citrix.com/English/ps2/products/product.asp?contentID=15005
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37841547
> ... if there's a flaw in the Citrix login page it's Citrix's responsibility ...
I'd expect it that way in a trustworthy world, but check your contracts ...
0
