Securing your NetScaler solutions

So this is part of one of my sessions at the local Citrix user groups next week, where one of the focus areas are around security. Where I ask the how and why do web services get attacked? Well in most cases it is that alot of the web services out there are vulnerable in one way or another. This might be because of design-flaws ( SQL, XSS, CSRF and so on) There might be because of Web Server exploits, or might just be because of stolen user credentials where someone gets access to the backed information.

Now this focus here is knowing about what information is shown externally to the world. Because if you have a public service you want to make sure that the service which is running is secure.

So for some research for this sessions I basically did a google search for NetScaler solutions in Norway, mostly against NetScaler Gateways.

The information I got back was scary!! ssllabs.com is a online tool that can be used to test web services to see which kind of protocols they support, ciphers and other TLS/SSL parameters such as HSTS and such

I found

+20 Services running old Secure Access Gateway
+30 Services running older version of Access Gateway

So atleast I found a bunch of potential consultant buisness for myself Smilefjes som blunker and maybe a smack to some of the partners in Norway.

When I looked closer at the solutions I also found more interesting stats

Only 30% of these public solution were using two-factor authentication as well. Why is this important? Solutions using for instance SSL 3 are much more open to MiTM attacks, and if you don’t have two factor authentication as well it gets easier for attackers to steal credentials and gain access. Having a low score on ssllabs.com does not say that your site is insecure, but it is an indication on how focused your buisness is on security!

Another interesting fact. This is from one of the largest webshops in Norway…

image

Would you trust a provider like this with your credit card information? Well not me!

Another interesting thing is that in most cases alot of information is shown directly back to the web sessions, which also gives hackers alot of useful information when they are doing for instance reconnaissance

image

OUCH! Get web server information and what kind of version it is running…. Why show this externally? Even thou this can be easily hidden from the research, another thing is handling 404 error messages. In some cases you get detailed information about the web server (including version and stack and such) which you can get maybe exploit.

But the latest and greatest of Citrix NetScaler is luckily more secure then the older versions of the Secure Access Gateway and such.

image

Well almost Smilefjes som blunker  stay tuned for more and ill dig more into the security aspects of how to limit the public information and setting up different solutions.