Looking for:
Citrix receiver security |
Citrix receiver security.Technical security overview
What's new. Known issues. System requirements. Technical security overview. Technical security overview for Citrix Managed Azure. Delivery methods. Plan and build a deployment. Sign up. Citrix DaaS for Google Cloud. Machine identities. Active Directory. Azure Active Directory joined. Microsoft Intune. Hybrid Azure Active Directory joined. Set up resource location. Amazon Web Services cloud environments. Citrix Hypervisor virtualization environments.
Google Cloud Platform environments. Microsoft Azure Resource Manager cloud environments. Nutanix virtualization environments. Nutanix cloud and partner solutions. VMware virtualization environments.
VMware cloud and partner solutions. Size and scale considerations for Cloud Connectors. Install VDAs. Install VDAs using the command line. Create and manage connections. Connection to AWS. Connection to Citrix Hypervisor. Connection to Google cloud environments. Connection to Microsoft Azure Resource Manager. Connection to Nutanix. Connection to Nutanix cloud and partner solutions.
Connection to VMware. Connection to VMware cloud and partner solutions. Create machine catalogs. Create an AWS catalog. Create a Citrix Hypervisor catalog. Create a Google Cloud Platform catalog. Create a Microsoft Azure catalog. Create a Nutanix catalog. Create a VMware catalog. Create machine identities joined catalogs. Create Azure Active Directory joined catalogs. Create Microsoft Intune enabled catalogs. Create Hybrid Azure Active Directory joined catalogs.
Create non-domain-joined catalogs. Manage machine catalogs. Manage an AWS catalog. Manage a Citrix Hypervisor catalog.
Manage a Google Cloud Platform catalog. Manage a Microsoft Azure catalog. Manage a VMware catalog. Quick Deploy. Get started with Quick Deploy. Create catalogs using Quick Deploy. Manage catalogs in Quick Deploy. Azure subscriptions in Quick Deploy. Images in Quick Deploy. Network connections in Quick Deploy.
Users and authentication in Quick Deploy. Monitor in Quick Deploy. Troubleshoot in Quick Deploy. Quick Deploy reference. Create delivery groups.
Manage delivery groups. Create application groups. Manage application groups. Remote PC Access. Remove components. User personalization layer.
Upgrade VDAs. Migrate configuration to Citrix Cloud. Migrate from on-premises to cloud. Merge multiple on-premises sites to a single cloud site. Migrate from cloud to cloud. Automated Configuration tool cmdlets. Troubleshoot Automated Configuration and additional information.
Migrate workloads to public cloud. Work with policies. Policy templates. Create policies. Prioritize, model, compare, and troubleshoot policies. Adaptive transport. Rendezvous protocol. Rendezvous V1. Rendezvous V2. Citrix ICA virtual channels. Double-hop sessions. Generic USB devices. Mobile and touch screen devices.
Serial ports. Specialty keyboards. TWAIN devices. WIA devices. HDX 3D Pro. Text-based session watermark. Audio features. Browser content redirection.
Security considerations and best practices | Citrix Virtual Apps and Desktops 7 .Vulnerabilities in Citrix Workspace app and Receiver for Windows
Current Release. Citrix Virtual Apps and Desktops 7 What's new. Fixed issues. Known issues. System requirements. Technical overview. Active Directory. Delivery methods. Network ports. Adaptive transport. ICA virtual channels. Double-hop sessions. Install and configure.
Prepare to install. Microsoft Azure Resource Manager cloud environments. Citrix Hypervisor virtualization environments. Microsoft System Center Configuration Manager environments. VMware virtualization environments. AWS cloud environments. Google Cloud environments. Nutanix virtualization environments. Install core components. Install Web Studio. Install VDAs. Install using the command line. Install VDAs using scripts. Create a site. Create machine catalogs.
Manage machine catalogs. Create delivery groups. Manage delivery groups. Create application groups. Manage application groups.
Remote PC Access. Publish content. Server VDI. User personalization layer. Remove components. Upgrade and migrate. Upgrade a deployment. App protection. Contextual App Protection for StoreFront. Contextual App Protection for Workspace. App Protection for hybrid launch for Workspace. App Protection for hybrid launch for StoreFront.
Delegated administration. Federated Authentication Service. FIDO2 authentication. Manage security keys. Security considerations and best practices. Smart cards. Smart card deployments. Pass-through authentication and single sign-on with smart cards. Virtual channel security. Generic USB devices. Mobile and touch screen devices. Serial ports. Specialty keyboards. TWAIN devices. WIA devices. HDX 3D Pro. Text-based session watermark.
Screen sharing. Virtual display layout. Audio features. Browser content redirection. HDX video conferencing and webcam video compression. HTML5 multimedia redirection. Optimization for Microsoft Teams. Monitor, troubleshoot, and support Microsoft Teams. Windows Media redirection. General content redirection. Client folder redirection. Host to client redirection. Bidirectional content redirection. Generic USB redirection and client drive considerations. Printing configuration example.
Best practices, security considerations, and default operations. Printing policies and preferences. Provision printers. Maintain the printing environment. Work with policies. Policy templates. Create policies. Compare, prioritize, model, and troubleshoot policies.
Default policy settings. Policy settings reference. ICA policy settings. HDX features managed through the registry. Load management policy settings. Profile management policy settings. User personalization policy settings. Virtual Delivery Agent policy settings. Virtual IP policy settings. Connector for Configuration Manager policy settings. Multi-type licensing. FAQ for licensing. App packages.
Citrix receiver security.Security considerations and best practices
If you require technical assistance with this issue, please contact Citrix Technical Support. Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. Failed to load featured products content, Please try again.
Customers who viewed this article also viewed. Log in to Verify Download Permissions. Description of Problem Vulnerabilities have been identified in Citrix Workspace app and Citrix Receiver for Windows that could result in a local user escalating their privilege level to administrator during the uninstallation process.
What Customers Should Do Citrix strongly recommends that customers upgrade to Citrix Workspace app version or later. Acknowledgements Citrix would like to thank Andrew Hess for working with us to protect Citrix customers. What Citrix Is Doing Citrix is notifying customers and channel partners about this potential security issue. Reporting Security Vulnerabilities Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously.
Was this page helpful? Thank you! Sorry to hear that. Name Name is required. Email Email address is required. Close Submit. About this release. System requirements and compatibility. Install and Uninstall. Get started. Configuring Single sign-on. Domain pass-through access matrix. Storebrowse for Workspace. Citrix Workspace app Desktop Lock. ICA settings reference. Aviso legal. Este texto foi traduzido automaticamente.
Este artigo foi traduzido automaticamente. To secure the communication between Citrix Virtual Apps and Desktops server and Citrix Workspace app, you can integrate your Citrix Workspace app connections using a range of secure technologies such as the following:.
Also, lets administrators control user access to desktops and applications in a detailed way. Network firewalls can allow or block packets based on the destination address and port. TLS secures data communications by providing server authentication, encryption of the data stream, and message integrity checks.
Some organizations, including U. FIPS is a standard for cryptography. To use TLS encryption as the communication medium, you must configure the user device and the Citrix Workspace app. For information about securing StoreFront communications, see the Secure section in the StoreFront documentation.
Select Enabled to enable secure connections and to encrypt communication on the server. Set the following options:. Otherwise, Citrix Workspace app might fail to connect to the published applications and desktops. If the server certificate does not comply, Citrix Workspace app might fail to connect. From the Allowed TLS servers drop-down menu, select the port number.
Use a comma-separated list to ensure that the Workspace app connects only to a specified server. You can specify wildcards and port numbers. The issuer of the certificate asserts the accuracy of the information in a security certificate. If Citrix Workspace does not recognize or trust the issuer, the connection is rejected. TLS 1. This option is recommended only if there is a business requirement for TLS 1. Only local certificate revocation list stores are used. All distribution points are ignored.
Local Certificate Revocation List stores and all distribution points are used. If revocation information for a certificate is found, the connection is rejected. Finding all required Certificate Revocation Lists is critical for verification. Using the Policy Extension OID , you can limit Citrix Workspace app to connect only to servers with a specific certificate issuance policy. Select automatically if possible - Prompt the user only if there a choice of the certificate to identify.
Use specified certificate - Use the client certificate as set in the Client Certificate option. For information on the internal and external network connections matrix, see the Citrix Knowledge Center article CTX Trusted server configuration policy identifies and enforces trust relations in Citrix Workspace app connections. Using this policy, administrators can control how the client identifies the published application or desktop it is connecting to.
The client determines a trust level, called a trust region with a connection. The trust region then determines how the client is configured for the connection. By default, region identification is based on the address of the server the client is connecting to.
To be a member of the trusted region, the server must be a member of the Windows Trusted Sites zone. You can configure this using the Windows Internet zone setting. Alternatively, the server address can be specifically trusted using the Address setting.
When this policy is enabled and the server is not in the trusted region, the connection is prevented, and an error message is displayed. The identified server must be added to the Windows Trusted Sites zone for the connection to succeed.
For SSL connections, the certificate common name must be trusted. For non-SSL connections all servers that are contacted must be individually trusted. For information, see Modify the Internet Explorer settings in Authenticate section.
In addition to allowing or preventing connections to the servers, the client also uses the regions to identify file, microphone, or webcam, SSO access. When the user has selected the default value for a region then the following dialog box might appear:. Administrators can modify this default behavior by creating and configuring the Client Selective Trust registry keys either using the Group Policy or in the registry.
The ICA file signing helps protect you from an unauthorized application or desktop launch. Citrix Workspace app verifies that a trusted source generated the application or desktop launch based on an administrative policy and protects against launches from untrusted servers. If the CitrixBase.
No comments:
Post a Comment