GCN Tech Blog

By GCN Staff

Blog archive

Lock down those Citrix gateways!

Here's an underappreciated network vulnerability that the system administrator should give some thought about: Citrix gateways.

A security researcher has found a number government networks that he was able to breach by using unsecured Citrix Presentation Server gateways.

Cue the obligatory sound-the-alarm quote here: 'The Internet is full of wide open CITRIX gateways. This is madness!' wrote security researcher Petko D. Petkov, in his blog posting.

Petkov's idea was deviously simple: Do a Google search for publicly-accessible files with the .ICA extension. Independent Computer Architecture files contain the configuration information that remote computers use to tap into Microsoft Windows applications over a network, using WinFrame or Citrix Presentation Server, formerly called MetaFrame.

When available over the Internet, such configuration files offer a wealth of information to malicious hackers about the server operating environments of these gateways. Even more troublesome is how the researcher found that, using his own Citrix client software, he was able to access many of these remotely available applications without log-in access:



eWeek covered this problem and attributed the vulnerability less to Citrix's software itself and more to sysadmin laxness in not properly managing port 1494, the port Citrix software usually deploys to supply applications to end users.

"Citrix is able to be secured, but that's like everything else in computing: the admin needs a brain," one security observer noted on a mailing list.

Posted by Joab Jackson on Oct 11, 2007 at 9:39 AM


Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.