Solved

CAG vuln assessment/audit

Posted on 2012-04-12
3
1,302 Views
Last Modified: 2012-04-13
Our management are keen to engage a 3rd party to assess our citrix access gateway for security flaws/misconfigurations/best practice from the outside (the internet). My understanding is citrix access gateway uses 2-factor in this instance, SSL and is a very hardened linux appliance and server. Therefore, the question remains, from the outside, what kind of issues are there that could be tested for? Could you provide a top 5 areas youd review on a citrix access gateway (not secure access gateway) if you were tasked with such an audit. I dont want to go back to management and say "theres nothing to check with CAG from the outside" unless I know thats true.
0
Comment
Question by:pma111
  • 2
3 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 37841291
SSL is no security protecten for your server, it just protects the traffic on transit from client to server, nothing more, nothing less
said this, your (citrix) web server is subject to all web application threats, vulnerabilities and exploits
if you're unsure what this might be, start reading OWASP Top 10:
  https://www.owasp.org/index.php/Top_10_2010
0
 
LVL 3

Author Comment

by:pma111
ID: 37841413
Isnt the citrix access gateway though that locked down (different from secure access gateway) that if theres a flaw in the citrix login page its citrix responsibility to release a patch not the company who bought the solution? So if its fully patched thats as far as you can go. We basically get: http://cdn.ws.citrix.com/wp-content/uploads/2008/09/1.jpg And the rest of the appliance is locked down afaik.http://www.citrix.com/English/ps2/products/product.asp?contentID=15005
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37841547
> ... if theres a flaw in the citrix login page its citrix responsibility  ..
I'd expect it that way in a trustworthy world, but check your contracts ...
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Every computer eventually fails. When that happens, your valuable data is only as safe as your current backup.
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now