Securing Citrix XenApp Server in the Enterprise

Citrix Presentation Server allows remote users to work off a network server as if they weren't remote. That means: Incredibly fast access to data and applications for users, no third party VPN connection, and no latency issues. All of these features make Citrix Presentation Server a great tool for increasing access and productivity for remote users. Unfortunately, these same features make Citrix just as dangerous to the network it’s running on. By definition, Citrix is granting remote users direct access to corporate servers; achieving this type of access is also the holy grail for malicious hackers. To compromise a server running Citrix Presentation Server, a hacker need not penetrate a heavily defended corporate or government server. They can simply compromise the far more vulnerable laptop, remote office, or home office of any computer connected to that server by Citrix Presentation Server. All of this makes Citrix Presentation Server a high-value target for malicious hackers. And although it is a high-value target, Citrix Presentation Servers and remote workstations are often relatively easily hacked, because they are often times deployed by overworked system administrators who haven't even configured the most basic security features offered by Citrix. "The problem, in other words, isn't a lack of options for securing Citrix instances; the problem is that administrators aren't using them." (eWeek, October 2007). In support of this assertion Security researcher Petko D. Petkov, aka "pdp", said in an Oct. 4 posting that his recent testing of Citrix gateways led him to "tons" of "wide-open" Citrix instances, including 10 on government domains and four on military domains.

• The most comprehensive book published for system administrators providing step-by-step instructions for a secure Citrix Presentation Server.
• Special chapter by Security researcher Petko D. Petkov, aka "pdp" detailing tactics used by malicious hackers to compromise Citrix Presentation Servers.

About the Authors

Tariq Bin Azad is the Principal Consultant and founder of NetSoft Communications Inc., a consulting company located in Toronto, Canada. He is considered one of the best IT professionals by his peers, coworkers, colleagues, and customers. He obtained this status by continuously learning and improving his knowledge in the field of information technology. Currently, he holds more than 100 certifications, including MCSA, MCSE, MCTS, and MCITP (Vista, Mobile 5.0, Microsoft Communication Server 2007, Windows 2008 and Microsoft Exchange Server 2007), MCT, CIW-CI, CCA, CCSP, CCEA, CCI, VCP, CCNA, CCDA, CCNP, CCDP, CSE, and many more.

Connie Wilson (CAN, MSCE, CCA) is a Senior Network Engineer with GE Capital in a designated "Center of Excellence" technology site. Currently, she has ultimate responsibility for design, implementation, and ongoing oversight of multiple Microsoft and MetaFrame servers supporting national and international GE divisions. Her specialties are troubleshooting, new product testing, thin client intercompany consulting, and systems optimization. Connie has a broad technology background with 15 years in progressively challenging IT work and a B.S. in Telecommunications. Before joining GE as an employee, Connie was an IT Consultant for GE, contracted primarily to bring a chronically problematic MetaFrame server farm to a high level of reliability.

Michael Wright (MCSE, CCEA, CISSP) is a Senior Security Engineer with Professional Resource Group, Inc., a Pennsylvania-based consulting firm providing resources to the Department of Defense in the areas of information security and information assurance. With more than 20 years of professional experience in the information technology fields, Michael has spent the last seven years working as both an IT and INFOSEC consultant working on projects for a variety of organizations, including the Pennsylvania Turnpike Commission, Computer Sciences Corporation, and the Defense Information Systems Agency (DISA).