myITforum.com


Harry Waldron - My IT Forums Blog

Sharing Security Developments, and Best Practices for corporate and home users

Citrix Internet Gateways - Critical need to lock these down

Administrators should carefully examine their Citrix gateways and implement improved protection. This includes applying best practices to the Citrix client and server environment, allowing access only over a VPN, and setting up special handshaking trusts on port 1494 to ensure this environment is properly secured.
 
 Government News - Lock down those Citrix gateways!
 
http://www.gcn.com/blogs/tech/45220.html
 
 Citrix Opens Security Holes in Military, Federal Web Sites
 
http://www.eweek.com/article2/0,1895,2193114,00.asp
 
 CITRIX: Owning the Legitimate Backdoor
 
http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/
 
 Hacking CITRIX - the forceful way
 
http://www.gnucitizen.org/blog/hacking-citrix-the-forceful-way/
 
 Citrix Security Best Practices
 
http://www.thin-world.com/nfuse.htm
 
http://www.sessioncomputing.com/security.htm
 
http://www.google.com/search?hl=en&q=citrix+security+best+practices
 
 
QUOTE: The Internet is full of wide open CITRIX gateways. This is madness! The other day I was performing some CITRIX testing, so I had a lot of fun with hacking into GUIs, which, as most of you probably know, are trivial to break into. I did play around with .ICA files as well, just to make sure that the client is not affected by some obvious client-side vulnerabilities. This exercise led me to reevaluate a great many things about ICA (Independent Computing Architecture). When querying Google and Yahoo for public .ICA files, I was presented with tons of wide open services, some of which were located on .gov and .mil domains.
 
When available over the Internet, such configuration files offer a wealth of information to malicious hackers about the server operating environments of these gateways. Even more troublesome is how the researcher found that, using his own Citrix client software, he was able to access many of these remotely available applications without log-in access. 
 
eWeek covered this problem and attributed the vulnerability less to Citrix’s software itself and more to sysadmin laxness in not properly managing port 1494, the port Citrix software usually deploys to supply applications to end users. "Citrix is able to be secured, but that's like everything else in computing: the admin needs a brain," one security observer noted on a mailing list.
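To see what a web-published .ICA file gives away about your own environment, the following added example (not code from the original post or from Citrix) parses one and lists the details it discloses. The sample file is constructed, the key names are ones commonly seen in ICA files, and treating anything below `EncRC5-128` as weak is an assumed local policy.

```python
import configparser

# Constructed sample .ICA file; host, account and application are made up.
SAMPLE_ICA = """\
[WFClient]
Version=2

[ApplicationServers]
Payroll=

[Payroll]
Address=192.0.2.10:1494
InitialProgram=#Payroll
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0
EncryptionLevelSession=Basic
Username=svc_payroll
Domain=CORP
ClearPassword=example-only
"""

def audit_ica(text):
    """Return (section, finding, detail) tuples for data an .ICA file discloses."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)  # configparser lower-cases option names by default
    findings = []
    for section in cp.sections():
        opts = cp[section]
        addr = opts.get("address")
        if not addr:
            continue  # not an application section ([WFClient], [ApplicationServers])
        findings.append((section, "server-address", addr))
        if opts.get("initialprogram"):
            app = opts["initialprogram"].lstrip("#")
            findings.append((section, "published-app", app))
        for key in ("username", "domain"):
            if opts.get(key):
                findings.append((section, "account-info", f"{key}={opts[key]}"))
        for key in ("password", "clearpassword"):
            if opts.get(key):
                # Report the key only; never echo the credential itself.
                findings.append((section, "embedded-credential", key))
        enc = opts.get("encryptionlevelsession", "Basic")
        if enc.lower() != "encrc5-128":  # assumed policy threshold
            findings.append((section, "weak-encryption", enc))
    return findings

if __name__ == "__main__":
    for finding in audit_ica(SAMPLE_ICA):
        print(finding)
```

Run it over every .ica file found under your web server's document root; any file that produces findings and is reachable without authentication is a candidate for removal or access control.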
