Lock down those Citrix gateways!
Here's an underappreciated network vulnerability that the system administrator should give some thought about: Citrix gateways.A security researcher has found a number government networks that he was able to breach by using unsecured Citrix Presentation Server gateways
Cue the obligatory sound-the-alarm quote here: 'The Internet is full of wide open CITRIX gateways. This is madness!' wrote security researcher Petko D. Petkov, in his blog posting.
Petkov's idea was deviously simple: Do a Google search for publicly-accessible files with the .ICA extension. Independent Computer Architecture files contain the configuration information that remote computers use to tap into Microsoft Windows applications over a network, using WinFrame or Citrix Presentation Server, formerly called MetaFrame.
When available over the Internet, such configuration files offer a wealth of information to malicious hackers about the server operating environments of these gateways. Even more troublesome is how the researcher found that, using his own Citrix client software, he was able to access many of these remotely available applications without log-in access:eWeek covered this problem
and attributed the vulnerability less to Citrix's software itself and more to sysadmin laxness in not properly managing port 1494, the port Citrix software usually deploys to supply applications to end users.
"Citrix is able to be secured, but that's like everything else in computing: the admin needs a brain," one security observer noted on a mailing list.
Posted by Joab Jackson on Oct 11, 2007 at 9:39 AM