Problem solve Get help with specific problems with your technologies, process and projects.

What are the security risks involved in eliminating VPN and deploying Citrix Secure Gateway?

We currently have a VPN deployed for remote users accessing applications on our network. We would like to eliminate the VPN and deploy Citrix Secure Gateway instead because of the large potential cost savings, no client installation & management, etc. What are the security risks, if any, of moving this direction versus a VPN? Are the clients still vulnerable to attacks?
As with any infrastructure change it is good that you are thinking about the risk of changing a platform. Clients will still be vulnerable to attacks, though these may be of different types than you current VPN setup. Without detailed knowledge of the proposed configuration it is a bit difficult to list the risks, but there are several areas to consider. Citrix provides many advantages, but care must be taken since it enables many users to map and share files through a common system. Authentication and authorization must be sufficient to isolate the users from each other, and restrict them from accessing items they shouldn't. This is largely an administrative function. Anti-virus is crucial, as one infected user has the potential to infect many clients indirectly and directly.

I would recommend that you list the controls, and risks of the current system, and then review how the proposed system meets the same requirements, and assess where deficiencies may be.

This was last published in September 2003

Dig Deeper on Network Access Control

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.