You can find these policies on the Policy Catalog page under Product: Endpoint Security Threat Prevention. Citrix Cloud Services Customer Content and Log Handling. External Systems Configuration Guide 5.2.6. The Firewall Enterprise 7.01.02HW04 USB image includes the Admin Console installation. Policies provide options to configure features, feature administration, and to log details on managed systems. Note: Download the Admin Console only for the CD-based McAfee Firewall installation image. McAfee® Firewall Enterprise (Sidewinder®) 7.0.1.03 Common Criteria Evaluated Configuration Guide. Set up a TOE configuration: 2. Download the 7.0.1.02 Admin Console installation media. Manage SmartFilter using the firewall Admin Console. Secure Deployment Guide for the Citrix Cloud Platform. McAfee Firewall Enterprise 8.3.2 Product Guide. Protocol Information Discovered Metrics Collected Used For Syslog: Event Types. Virtual Apps and Desktops Standard for Azure technical security overview; Control Plane Guidance for administrators; Virtual Apps and Desktops technical security overview; Secure Browser Technical Security Overview; Endpoint Management Technical Security Overview.

The Secure Deployment Guide for Citrix Cloud provides an overview of security best practices when using Citrix Cloud and describes the information Citrix Cloud collects and manages. The following articles provide similar information for other services in Citrix Cloud: Arrange access control rules and groups.
Consult the per-service documentation for more information. Some services provide a capability to restrict the access of an administrator. Administrators of a customer have, by default, full access to all services. Ensure that only trusted administrators have access to Citrix Cloud. All administrators within a customer account can add and remove other administrators. McAfee Firewall Enterprise Admin Guide Password Is More. Include at least one upper-case and lower-case letter. New passwords must meet all of the following criteria: Activity refers to actions such as navigating the graphical interface, selecting configuration options, saving configuration changes, or waiting for a change to take effect. Citrix Cloud prompts administrators to change their passwords if their current password is more than 60 days old. Inactive means the session is completely idle and the administrator is not interacting with the Citrix Cloud console in any way. This 60-minute timeout cannot be changed. By default, Citrix Cloud automatically terminates administrator sessions after 60 minutes of inactivity. There is no data-at-rest that is sensitive or encrypted, and thus you do not need to manage any keys. For data-in-flight, Citrix uses industry standard TLS 1.2 with the strongest cipher suites. Instead, Citrix Cloud retrieves information such as administrator passwords on-demand (by prompting the administrator explicitly). The new password must be in effect for at least one day before Citrix Cloud allows it to be changed again. The control plane does not store sensitive customer information. The previous 24 passwords cannot be reused. The current password cannot be used as a new password. At least one character in the current password must be changed. Customers do not have control over this. The customer owns and manages the resource locations that they use with Citrix Cloud. Data sovereignty: The Citrix Cloud control plane is hosted in the United States, the European Union, and Australia.
If the Cloud Connector is installed on Windows Server 2012 R2, the strong ciphers are not available, so the following ciphers must be used: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256. Consult the per-service documentation for details about encryption and key management within each service. If the Cloud Connector is installed on Windows Server 2016 or Windows Server 2019, the following strong ciphers are recommended: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. To access Citrix Cloud, customers must use a browser capable of TLS 1.2, and must have accepted cipher suites configured. Citrix ShareFile Security and Compliance. Content Collaboration service documentation. All critical business data (such as documents, spreadsheets, and so on) are stored in resource locations and are under customer control. For Content Collaboration, consult the following resources for information about controlling where the data resides: Citrix Cloud Connector. Installing the Cloud Connector: For security and performance reasons, Citrix recommends that customers do not install the Cloud Connector software on a domain controller. Also, Citrix strongly recommends that the machines on which the Cloud Connector software is installed be inside the customer’s private network and not in the DMZ. There is an option to subscribe for updates to the platform or individual services. The site logs status and uptime information. Security issues insight: The website status.cloud.com provides transparency into security issues that have an ongoing impact on the customer. Consult the Geographical Considerations topic or the Technical Security Overviews (listed at the beginning of this article) for each service.
Logging on to the machine hosting the Cloud Connector: The Cloud Connector allows sensitive security information to pass through to other platform components in Citrix Cloud services, but also stores the following sensitive information: Also, the customer can enable AD logging and auditing on the Cloud Connector’s machine account to monitor any AD access activity. This is the default configuration in Active Directory. Citrix supports customers who use other industry standard AV products. In the customer’s Active Directory (AD), Citrix strongly recommends that the Cloud Connector’s machine account be restricted to read-only access. Citrix tests with McAfee VirusScan Enterprise + AntiSpyware Enterprise 8.8. Configuring the Cloud Connector: The customer is responsible for keeping the machines on which the Cloud Connector is installed up-to-date with Windows security updates. Customers can use antivirus alongside the Cloud Connector. However, the web proxy must support SSL/TLS encrypted communication. The Cloud Connector might have other outbound ports with access to the Internet. Citrix strongly recommends that the Cloud Connector have no inbound ports accessible from the Internet. Customers can locate the Cloud Connector behind a web proxy for monitoring its outbound Internet communications. Inbound and outbound ports configuration: The Cloud Connector requires outbound port 443 to be open with access to the internet.
Author: John