A common scenario and requirement is to use an HTTP web proxy gateway (BlueCoat, IronPort, etc.) for outbound Internet traffic from XenMobile Secure Web, in order to secure and inspect URL traffic. Once again we use our lovely NetScaler to meet the objectives. This post describes the implementation steps […]
NetScaler
Office 365 – Using NetScaler as SAML iDP
An alternative to using Microsoft ADFS (Active Directory Federation Services) as Identity Provider for accessing Office 365 cloud services could be to use a pair of NetScaler appliances. From a security point of view, NetScaler is a great option for functioning as an authentication point. There are a few how to […]
Form Based SSO to Office 365 via XenMobile and NetScaler Traffic Policy
NetScaler Traffic Policies are great! They let you control authentication settings etc. on a deeper level. In this post we look into Form Based SSO on NetScaler, as an approach to automatically submit the email address to the login form for authentication in Microsoft Office 365. When running mVPN/VPN sessions through NetScaler Gateway, […]
Implementing RDP Proxy
A really cool feature which was introduced in NetScaler 11 is the RDP Proxy feature. A use case I see very often is a company that has, for example, external consultants who need secure access to an internal RDS Session Host Server in order to support a specific business environment. This scenario eliminates […]
Using Cipher Redirect on NetScaler to Report on SSL Handshake failures
On an SSL virtual server in NetScaler, e.g. a Load Balancer, Content Switch or NetScaler Gateway virtual server, you can enable Cipher Redirect in order to report on SSL handshake failures. This can be useful in troubleshooting scenarios. So if cipher redirect is enabled, you configure an SSL virtual server […]
Application Firewall and JSON Inspection
Recently I noticed that a vulnerable web server application I had implemented NetScaler Application Firewall on (JuiceShop) did not block SQL Injection and XSS (Cross-Site Scripting), even though SQLi and XSS were set in Block Mode in Security Check in the Firewall profile. It showed to be AppFirewall not inspecting […]
NetScaler Security – Layer 4-7 DDoS Protection
NetScaler protects against Layer 4 SYN flood attacks by utilizing a SYN cookie: NetScaler ensures that memory is allocated to a TCP session only once the TCP 3-way handshake is completed. Furthermore, Application Firewall and Rate Limiting can be implemented to mitigate both L4 and L7 attacks. This article will focus […]
NetScaler Security – HTTP Headers
These steps should be carried out to raise the level of HTTP header security for a given web application controlled by NetScaler. We will be utilizing NetScaler AppExpert and the Rewrite engine to meet the objectives. Note: Always implement in a test environment, to verify the impact of this change before […]
NetScaler Security – Protecting against malicious attacks
In this blog post we are going to look into what options exist to protect against malicious attackers, DDoS attacks etc. in an environment with NetScaler Application Delivery Controller as a front-end for business web applications. Furthermore, we will look into additional steps to tighten and optimize security […]
Block external access to XenMobile 10 Self Help Portal
XenMobile 10 enables the Self Help Portal out-of-the-box, which exposes single-factor LDAP login externally through the MDM LoadBalancer VIP on 443. This post shows how to use NetScaler to block all external/Internet access to the Self Help Portal on XenMobile, while allowing internal access. Configuration Guideline – NS CLI […]