Citrix Policy Lockdown 1.0

Citrix Policies are not the coolest thing to mess with but they are very important and are very often overlooked from a security perspective.  I hope this quick blog will help you look at your policies differently and help you secure your deployment.  When I’m doing Citrix Security Assessments the weak policies are usually the second biggest finding (After Patching) because they usually are just defaults and or the filters and or their order make them weaker than most clients expect them to be with some of those factors. In this article, I will go over the basics of the Citrix security policies, the scary ones you should worry about, how to check if you’re at risk and how to fix them up.  Many of these settings are enabled by default because most customers need these settings but if you look at them just one more time in most cases you should be able disable many of them. Citrix Policy Big 4 Copy\Paste Bi-directional Copy\Paste Write Allowed Formats – All Drive Mappings On by Default Major Client Fixed Drives Client Network Drives Client Removable Drives Minor Client Floppy Drives Client Optical Drives USB Mounts Disabled by Default Restrict the Devices… Read more