Site Network: Beskerming.com | Skiifwrald.com | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

Gateway to Your Data

In a series of posts to the GNUCitizen blog, security researcher pdp demonstrates just some of the risks that can come from Citrix Gateways.

Based on the available information (and it is still early in the information lifecycle), there is significant potential for this to become the next major attack vector to gain unrestricted access to internal company networks (after all, it is a gateway between networks), whether it is being used for remote network access by travelling staff, or to provide access to internal applications and data. From just one search (via Yahoo!) more than 15,000 sites returned results that could be used for further investigation.

Disturbingly, some of the concepts and approaches being used to attack and bypass the Citrix systems are several years old and are still as functional as they were the day they were first released. It is possible to lock down a Citrix installation, but it is now going to be a race between informed administrators and attackers to find where the gaps have been left in many Citrix installations. Uninformed administrators may as well already be compromised.

With the start of a new week, there is bound to be a race between the administrators of the .mil and .gov domains identified by pdp and the curious / malicious.

As it stands, pdp has released the basic tools required to look for available systems, enumerate available services, and to penetrate systems once they have been discovered. Though they are only in their initial development stages, their free availability and the accompanying description of how they work will serve as a valuable starting point for those seeking to do their own probing.

While Terminal Services and RDP provide alternatives for companies, they are the next set of applications that pdp will be turning his attention to.

8 October 2007

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.