A common scenario and requirement is to use a HTTP Web Proxy gateway (BlueCoat, IronPort etc.) for outbound traffic to the Internet from the XenMobile Secure Web, securing and inspecting URL traffic etc. Once again we use our lovely NetScaler to meet the objectives. This post describes the implementation steps […]
June2017
Office 365 – Using NetScaler as SAML iDP
An alternative to using Microsoft ADFS (Active Directory Federation Services) as Identity Provider for accessing Office 365 cloud services, could be to use a pair of NetScaler Appliances.From a security point of view NetScaler is a great option for functioning as an authentication point. There are a few how to […]
Form Based SSO to Office 365 via XenMobile and NetScaler Traffic Policy
NetScaler Traffic Policies are great ! Control authentication settings etc. on a deeper level.In this post we look into Form Based SSO on NetScaler, as an approach to automatically submit the email adress to the login form for authentication in Microsoft Office 365. When running mVPN/VPN sessions through NetScaler Gateway, […]
Office 365 Smart Links and XenMobile
We can bypass the first sign in to Microsoft and ensure SSO when accessing Office365 services, thus improving the overall user experience. Basically we have 3 options to provide an sign in without users are required to type in their initial email address, in order to start the federated discovery […]
Implementing RDP Proxy
A really cool feature which was introduced in NetScaler 11 is the RDP Proxy feature.A Use Case I see very often, is a company who e.g. has external consultants that need secure access to an internal RDS Session Host Server in order to support a specific business environment.This scenario eliminates […]
Using Cipher Redirect on NetScaler to Report on SSL Handshake failures
On a SSL Virtual Server in NetScaler eg. Load Balancer, Content Switch or NetScaler Gateway virtual server, you could enable Cipher Redirect in order to report on SSL Handshake failures. This could be useful in troubleshooting scenarios etc. So If cipher redirect is enabled, you configure an SSL virtual server […]
ShareFile SSO with XenMobile and NetScaler
In this post we look into how to provide Single Sign On to ShareFile, by Integrating with XenMobile and NetScaler. ShareFile can basically be run as MDX (XenMobile App) or Non-MDX (ShareFile Web, Sync Tool, Drive Mapper, Plugin). This post will cover both scenarios. Pre-reqs and assumptions Following steps has […]
Application Firewall and JSON Inspection
Recently I noticed that a vulnerable web server application I had implemented NetScaler Application Firewall on (JuiceShop), did not block SQL Injection and XSS (Cross-Site-Scripting) , even thogh SQLi and XSS was set in Block Mode in Security Check in the Firewall profile. It showed to be AppFirewall not inspecting […]
NetScaler Security – Layer 4-7 DDoS Protection
NetScaler protects against Layer 4 SYN Flood attacks, by utilizing a SYN Cookie, NetScaler ensures that memory is first allocated to a TCP Session when TCP 3-way handshake is completed. Furthermore, Application Firewall and Rate Limiting could be implemented to mitigate both L4 and L7 attack. This article will focus […]
NetScaler Security – HTTP Headers
These steps should be carried out to raise the security level in HTTP Header security for a given web application controlled by NetScaler. We will be utilizing NetScaler AppExpert and Rewrite engine to meet the objectives.Note. Always implement in a test environment, to verify the impact of this change before […]