Jump to content
Welcome to our new Citrix community!

Cyber Insurance ADC issue


Recommended Posts

Going through a new cyber insurance process.  They are reporting that the "ADC Gateway Panel" is exposed. The only thing that is exposed to my knowledge is the login website to the store, which is protected by MFA.  The official wording is "An administrative web panel was found on one of your assets.  These type of web panels are highly targetable by bad actors trying to compromise the services"

They then reference a DNS A record for the public IP address of the ADC server on port 80.  Browsing to the address goes nowhere.  Being an insurance scan they offer nothing as far as remediation.

 

Does anyone know what this might be referencing or how I might remediate?  

Link to comment
Share on other sites

Hi GorillaMedium,
do you use a Responder Policy to Redirect HTTP Traffic to HTTPS for your Citrix Gateway, AAA, Content Switches or VServer? Please verify, that the Dummy Service does not use a Netscaler owned IP Address. There was a time when users configured 127.0.0.1 for this service to have an Always-On Service. If your redirect does NOT work, your Citrix ADC GUI gets exposed to the internet. You can use any non-existent IP Address for your Dummy Service (e.g. 6.6.6.6). There are two ways to get this Dummy Service UP.

 

1. Disable Health Monitoring on Dummy Service, so it is Always-On
2. Bind a Monitor to this Dummy Service, which checks the status of 127.0.0.1, so its Always-On too (Like Citrix does)

 

I would avoid number 2 and be sensitive with Netscaler owned IP addresses. A misconfiguration elsewhere (e.g. Service) can lead to problems that you don't realize at this moment.

 

Check the current Citrix Documentation for Redirecting HTTP Traffic to HTTPS: https://docs.citrix.com/en-us/citrix-adc/current-release/appexpert/responder/how-to-redirect-http-requests-https-using-responder.html


Best regards,
Jens

  • Like 1
Link to comment
Share on other sites

  • 2 weeks later...

Hi Jens,

 

I do not use a responder policy, the Responder feature is not checked in the Advanced Features is not selected.  I looked in the Responder actions and saw nothing there.  I don't see anything in the Health Monitors either.

 

Thank you.

Brad

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...