This whitepaper provides summary guidance and resources for hardening against exposures that threaten server based computing and VDI environments including XenApp and XenDesktop. All changes should be implemented in a test/development environment before modifying the production environment to avoid any unexpected side effects. Finally, all efforts should be reinforced and validated through continuous penetration testing against the virtualized environment as a whole. This should provide the greatest level of resiliency against a real attack.
The guidance presented in this white paper is designed to complement existing Citrix security guidance, including product-specific eDocs, KnowledgeBase articles and detailed Common Criteria configurations. References to this information are provided at the end of this whitepaper
Global organizations including healthcare, government and financial services rely on Citrix XenApp and XenDesktop to provide secure remote access to environments and applications. When properly configured, Citrix XenApp and XenDesktop provide security measures that extend beyond what is natively available in an enterprise operating system by providing additional controls enabled through virtualization. Citrix and Mandiant are working together to optimize the security of virtualized environments. This joint Citrix and Mandiant whitepaper outlines recommendations and resources for maintaining optimal security for Citrix XenApp and XenDesktop and highlights some of the real world misconfigurations often uncovered by Mandiant security engagements.