CategorySecurity

Flexible Multi-Factor flows in Citrix ADC (NetScaler) using Azure MFA

F

I came across following issue, doing a Citrix ADC / NetScaler project: My customer wanted to use Azure MFA for internal users and LDAP/RADIUS for external users like contractors and parters. That’s a typical use-case for n-factor authentication. So how do we solve problems like that? The solution A Solution based on group membership The difference between internal and external users is...

Citrix ADC / NetScaler and TLS 1.3

C

Last change: February 4th 2021. Thanks to Dirk Bautz! This is the 2nd part to my article “Which ciphers to use on a Citrix ADC /NetScaler?” This one had been about TLS versions up to 1.2 only. Moving from TLS 1.2 to TLS 1.3 on an existing Citrix ADC ( NetScaler) may be a big step with some obstacles to overcome. It needs some investigation. The problem? It seems to be easy: Just tick...

Which cyphers to use on a Citrix ADC /NetScaler?

W

latest update: May 5th 2021 Recently I found myself in a discussion with another Citrix architect about the number of cyphers needed. I had added as little as fife cyphers to a cypher group. He thought this is not enough. Why should we have many cyphers into a cypher group? To be honest, I don’t understand. It may look flexible, feature-rich and mighty. Customers may get impressed...

A simple way for a Citrix ADC (NetScaler) to respond with a 404 not found

A

I am a big fan of cheating if it comes to security. Giving wrong answers to questions may be misleading and will direct attackers into the wrong direction. This will cost time and, at the same time, rise the risk of being caught red-handed. If someone attacks a website, he has to be discrete and fast. Discrete to not get trapped, quick to be long gone in case the owner learns about the attack. So...

Using Geo-Location in Citrix ADC / NetScaler

U

Last update: 2021-02-18   There are several use cases for geo-location information in Citrix ADC / NetScaler. It may be helpful with WAF logs. I am European, I won’t spend much time on a positive, if the log comes from North Korea, but I would consider it to be a “false positive”, if it comes from Germany, Italy or Sweden. Even though I would not consider it to be secure...

Creating Certificates for Citrix ADC (NetScaler)

C

The way we create certificates has not changed significantly over the years. Only the wizard is subject to a certain change. This blog is based on Citrix ADC 13, elder versions don’t differ significantly. The following steps are necessary to create a certificate: Generate the key pair Create the certificate-signing request Generate the certificate (either using Citrix ADC /...

How to recover a Citrix ADC/NetScaler VPX from CVE-2019-19781 (both on Hypervisor and on SDX)

H

last update: March 2nd 2020 Well, there are many guides. So why do I write a blog about it? Just to have one more? Bull shit! The truth is: I don’t like them at all! What’s wrong about all these guides? They all focus on how to remove malware currently installed on our Citrix ADCs (NetScalers). And, to be honest, it does not make the least little bit of sense. How can you ever be 100%...

How to start a Citrix ADC / NetScaler WAF Project, Part 4: Start URLs

H

This is the forth part of this blog. Part Part 1 2 3 4 5 Click here to see how to start your WAF project StartURLs are a powerful tool to protect a web server. Probably, creating StartURLs will be the first thing you need to do. There are two ways to deal with it: Learning or doing. Learning Learning does not mean, you learn, instead Citrix ADC / NetScaler learns about the application. There is...

How to start a Citrix ADC / NetScaler WAF Project Part 2: Signatures

H

This is the second part of this blog. Part 1 2 3 4 5 Click here to see how to start your WAF project Signatures Make sure, signatures get updated automatically. Today (January 22 2020) we have version 40. Check the auto update settings. Check, if Signatures Auto Update is enabled and Click on “Check URL”. This will connect to the update server and see the current version of signatures...

How to start a Citrix ADC / NetScaler WAF Project, Part 1: General

H

This is the forth part of this blog. Part Part 1 2 3 4 5 I am currently working on a Citrix ADC (NetScaler) WAF project. It’s a big international enterprise, security is of some concern to them. So everything hould be pretty much straight forward? Well, it never is. So, how to begin? Well, I almost forgot to mention: I have to introduce myself to the customer. “Hi, I’m Johannes...

Recent Posts

Recent Comments