Client Access – Published applications Control through TEMPLATE.ICA Use SSL Authentication level –Remove: EncRc5-0 EncRc5-40 EncRc5-56.

Presentation transcript:

1 Client Access – Published applications
Control through TEMPLATE.ICA
Use SSL
Authentication level
–Remove: EncRc5-0 EncRc5-40 EncRc5-56
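
Added example (not part of the original presentation, and not Citrix tooling): a Python check for the TEMPLATE.ICA change on slide 1 that flags any EncRC5-0, EncRC5-40 or EncRC5-56 entries still present. It assumes the INI-style ICA layout with one driver section per encryption level and an EncryptionLevelSession key in the application section; the sample template and its driver file names are constructed.

```python
import re

# Encryption levels slide 1 says to remove from TEMPLATE.ICA.
WEAK_LEVELS = {"encrc5-0", "encrc5-40", "encrc5-56"}
SECTION_RE = re.compile(r"^\[([^\]]+)\]$")

def audit_ica_template(text):
    """Return (line_no, message) for each weak encryption level still present."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";"):  # skip blanks and comments
            continue
        match = SECTION_RE.match(line)
        if match:
            # Assumed layout: one [EncRC5-N] driver section per offered level.
            name = match.group(1).strip()
            if name.lower() in WEAK_LEVELS:
                findings.append((line_no, f"weak level section [{name}] present"))
            continue
        key, sep, value = line.partition("=")
        # Assumed key: the level the published application asks for.
        if sep and key.strip().lower() == "encryptionlevelsession":
            if value.strip().lower() in WEAK_LEVELS:
                findings.append((line_no, f"session requests {value.strip()}"))
    return findings

# Constructed sample template; driver file names are placeholders.
SAMPLE_TEMPLATE = """\
[ApplicationServers]
PublishedApp=

[PublishedApp]
EncryptionLevelSession=EncRC5-40

[EncRC5-0]
DriverNameWin32=placeholder-0.dll

[EncRC5-40]
DriverNameWin32=placeholder-40.dll

[EncRC5-128]
DriverNameWin32=placeholder-128.dll
"""

if __name__ == "__main__":
    for line_no, message in audit_ica_template(SAMPLE_TEMPLATE):
        print(f"line {line_no}: {message}")
```

Matching is case-insensitive, so the slide's spelling (EncRc5-56) and the spelling used in the sample (EncRC5-56) are both caught.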

2 Remote Access
802.11X, 802.11G, 802.11b, 802.11a
–11 Mbps – 55 Mbps
Wireless WAN
–40-120 Kbit
–Public network
–CDPD, 1xRTT, other
High Speed access
–Cable modem
–xDSL (ADSL, IDSL, SDSL)

3 Wireless LAN or WAN
Secure WLAN or WWAN with Secure Gateway
–Internal Firewall
Port filtering at access device
Firewall behind access device (i.e. Extended access list)
[Diagram labels: WLAN Client; STA; MetaFrame XP Farm; WAP; ports 1494, 80, 443; External Client; Web Interface; Secure Gateway; port 443]

4 Connections

5 Packet filtering (port based)
Prevent data from reaching unintended services
Restrict data flow based on destination ports
Control services that respond to requests
–TCP port
–UDP port
–IP protocol number
[Diagram labels: External: 1494 (TCP), 443 (TCP), 1604 (UDP); Internal: 1494 (TCP), 443 (TCP), 1604 (UDP)]

6 Many links to consider….
[Diagram labels: Internet; Secure Gateway; Logon Agent; Authorization Service + STA; 3rd Party Auth; MetaFrame Secure Access Manager; MetaFrame XP Server Farm; HTTP(S); ICA/Secure ICA; Internal Web Servers; Internet Explorer and ICA Client; Gateway Client; Secure Gateway Proxy]

7 Web Interface
First things First!
Mandate authentication occurs over SSL
IIS Example: (IISAdmin)

8 Web Interface / Secure Access Manager
[Diagram labels: HTTPS; HTTP]

9 Web Interface / Secure Access Manager
Web server hardening
–IIS lockdown tool
–Must enable ASP (advanced)
Remove sample directories from web server
Move webroot from default location
–CTX102001
Enforce password policies
–Expire passwords
–Alphanumeric combinations
Remove IIS Anonymous user account
–Create account to replace
Disable Pass-through authentication

10 Web Interface / Secure Access Manager
Disable unused services
Remove unnecessary components
Apply latest service packs
–Free tool: HFNETCHK to review installed Hotfixes
Disable default admin shares (C$, Admin$, etc.)
Unbind NetBIOS from all adapters
–Disable NetBIOS over TCP/IP
Use Port Filtering!
–80 or 443 for the STA
–443 for Secure Gateway/Web Interface or Logon Agent
–1494, 80 and/or 443 for MetaFrame XP Presentation servers
–Use extended access lists where possible

11 Secure Gateway

12

13 SSL/TLS Support
SSL V3.0 and TLS V1.0 secure protocols supported
SSL-Secured connections may now include:
–Client browser to Web Interface server
–Web Interface to MetaFrame XML Service
–Web Interface to Secure Ticket Authority
–Secure Gateway to Secure Gateway Proxy
–Secure Gateway to Authentication Service
–Secure Gateway to Secure Ticket Authority
–Secure Gateway to Logon Agent
–Logon Agent to Authentication Service

14 Web Interface

15 SSL Certificate
Issued to Internet FQDN, not necessarily the server name*
Dates are valid
Corresponding private key

16 Certificate Placement
[Diagram labels: Server Certificate; Root Certificate; Server Certificate]

17 Single DMZ
[Diagram labels: Internet; Secure Gateway Service; Authentication Service + STA; Optional 3rd Party Auth; MetaFrame Secure Access Manager; MetaFrame XP Presentation Server Farm; HTTP(S); ICA; Internal Web Servers; Internet Explorer and ICA Client; Gateway Client; Logon Agent; Web Interface]

18 Dual Stage DMZ
[Diagram labels: Internet; Secure Gateway; Logon Agent; Authentication Service + STA; 3rd Party Auth; MetaFrame Secure Access Manager; MetaFrame XP Server Farm; Internal Web Servers; Internet Explorer and ICA Client; Gateway Client; Secure Gateway Proxy; DMZ 2; DMZ 1; Web Interface; HTTP(S); ICA]

19 MMC Management Tools

20 MMC Management Tools Continued….
Secure access to all of your content
–Files
–Internal web content
–Published applications
Management console
–Log connections
–Real time counters

21 MMC Management Tools Continued….
Real time…
–User name
–Domain
–Server connected
–Bytes transferred
–Connection time
–Connection date

22 MMC Management Tools Continued….
Perfmon Statistics
Total failed….
–Ticket validations
–Validations
–Connections
–ACL rejected
…and more…

23 Securing connections continued….
Best Practices for Securing a Secure Gateway Deployment
–CTX19376

