On an SSL virtual server in NetScaler, e.g. a Load Balancer, Content Switch or NetScaler Gateway virtual server, you can enable Cipher Redirect in order to report on SSL handshake failures. This can be useful in troubleshooting scenarios. If cipher redirect is enabled, you configure an SSL virtual server […]
ShareFile SSO with XenMobile and NetScaler
In this post we look into how to provide Single Sign-On to ShareFile by integrating with XenMobile and NetScaler. ShareFile can basically be run as MDX (XenMobile App) or Non-MDX (ShareFile Web, Sync Tool, Drive Mapper, Plugin). This post will cover both scenarios. Pre-reqs and assumptions: Following steps has […]
Application Firewall and JSON Inspection
Recently I noticed that a vulnerable web server application I had implemented NetScaler Application Firewall on (JuiceShop) did not block SQL Injection and XSS (Cross-Site Scripting), even though SQLi and XSS were set in Block Mode in Security Check in the Firewall profile. It showed to be AppFirewall not inspecting […]
NetScaler Security – Layer 4-7 DDoS Protection
NetScaler protects against Layer 4 SYN flood attacks by utilizing a SYN cookie: memory is not allocated to a TCP session until the TCP 3-way handshake is completed. Furthermore, Application Firewall and Rate Limiting can be implemented to mitigate both L4 and L7 attacks. This article will focus […]
NetScaler Security – HTTP Headers
These steps should be carried out to raise the level of HTTP header security for a given web application controlled by NetScaler. We will be utilizing NetScaler AppExpert and the Rewrite engine to meet the objectives. Note: Always implement in a test environment, to verify the impact of this change before […]
NetScaler Security – Protecting against malicious attacks
In this blog post we are going to look into what options exist to protect against malicious attackers, DDoS attacks etc. in an environment with NetScaler Application Delivery Controller as a front-end for business web applications. Furthermore, we will look into additional steps to tighten and optimize security […]
Secure Mail SSO – Automatic Enrollment on Secure Mail
This post shows an option to ensure that users can access Secure Mail without entering a username and password. This basically eliminates the need for Exchange ActiveSync to require SSL client certificate authentication for the purpose of single sign-on. This method uses XenMobile Secure Hub to pass credentials and […]
Troubleshooting with WireShark
From time to time it is necessary to debug network traffic flow, both in troubleshooting scenarios and when you need to understand a given traffic flow. This post shows some tips that can be used in Wireshark. When analyzing SSL encrypted traffic, you would need to load the private […]
Block external access to XenMobile 10 Self Help Portal
XenMobile 10 enables the Self Help Portal out of the box. This exposes single-factor LDAP login externally through the MDM LoadBalancer VIP on 443. This post shows how to use NetScaler to block all external/internet access to the Self Help Portal on XenMobile, while allowing internal access. Configuration Guideline – NS CLI […]
Location Based Access to Web Apps and IP Reputation via NetScaler
This post shows how to configure location-based access and the IP reputation feature for Web Apps delivered through NetScaler. Key takeaways: Increase the security level on business applications by using location-based access and/or IP Reputation. Security – limit exposure of business apps to a geo location and block known […]