I am looking at piloting a Citrix access solution, but in order to do so I need to create a full ADS (Accreditation Document Set) and risk assessment to be approved by our security board... something that is not enjoyable and will take some time.
I am interested in any opinions as to the security of such a project.
My understanding of this is that an HTTPS connection is made to the gateway and then, using one of many forms of authentication, a user is able to access published applications via a connection that is proxied through the gateway. As the gateway is located within a DMZ, and as long as the security between the gateway and backend servers is strong, then the connections are secure.
I have done some searching around the web and come up with some answers as to the security risks although a lot of these were a few years old.
Does anyone have any opinions as to the security of such a project and what, if anything, can be done to mitigate the risks? IDS will be running behind the firewall. I would also like to test the security of this and was wondering whether HTTPS tunnelling would pose a major problem for this kind of connection.
My main concern is that at present we have no incoming connections straight from the internet via this link and so all my documentation will need to be spot on to pass the board.
Any thoughts welcome, as I've got some ideas and just could use some educated thought from other people in the field. Also, any sites that show how to make Citrix access secure would be good.