Citrix Netscaler SSL Rating

Is Your Netscaler Leaving Your Network Open To DDoS Attacks Or Other Security Breaches? Centrinet Is Now Offering A Free SSL Grade Rating For Your Citrix Netscaler Appliance

As the threat of distributed denial of service (DDoS) attacks becomes more and more prevalent, it’s critical that information security professionals make the time to review the security of their infrastructure from top to bottom, from cloud applications to on-site appliances.

There’s one cybersecurity protocol in particular that can drastically reduce the risk of a breach – SSL, and its newest evolution, TLS – but network equipment like servers or application delivery controllers (ADCs) must be properly configured to meet the security standards that let this protocol effectively mitigate the risk of a breach or attack.

A real-life example: while assisting a Centrinet client (a financial institution) with an unrelated project, one of our technicians uncovered a serious security threat. The client had incorrectly configured their Netscaler Gateway ciphers. As a result, the company scored an ‘F’ grade on a third-party security audit. The misconfigured protocol meant that the security of both the client’s company and their customers was at risk.

After our engineer reconfigured the Netscaler’s settings, which took only a short time, we retested the Netscaler’s security rating.

By correctly configuring the appliance’s settings, the diagnostic now resulted in a solid ‘A’ grade, effectively showing that the risk of breach through the Netscaler had been mitigated. Our technician’s simple and quick optimization of their appliance’s settings was all it took to ensure the massive security risk had been eliminated.

Centrinet, a cloud virtualization and managed services provider, uses the SSL Labs service platform to perform a deep analysis of our clients’ Citrix Netscaler appliances. Our proven outcomes identify the vulnerabilities and risk to their businesses and provide awareness through a grade rating from A+ to F, along with an action plan, the required resources and skill sets, and best practices for mitigating such threats. The threats are real and can be reviewed here. Centrinet’s best practices and methodology to mitigate risk and vulnerabilities to achieve an A+ rating within our clients


The SSL, TLS, and Ciphers Security Diagnostic

There are four steps in the security diagnostic for rating the security risks associated with your Netscaler appliance. Here’s a quick overview of how the SSL testing works and how your SSL grading is determined.

  1. Verification of the SSL certificate
  2. Inspection of the server configuration
    1. Protocol support
    2. Key exchange support
    3. Cipher support
  3. Scoring based on the categories above
  4. Testing of the server configuration against a series of rules that score the configuration’s features and rules.
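The three inspection categories from step 2, as an added example (not Centrinet's or SSL Labs' code): an offline check over a constructed server configuration. The policy sets, configuration dictionaries and function names are assumptions made for illustration, and the result is a list of findings, not an SSL Labs grade.

```python
# Added example; the configs below are constructed sample data, not from the page.
WEAK_CONFIG = {
    "protocols": ["SSLv3", "TLSv1.0", "TLSv1.2"],
    "ciphers": ["RC4-MD5", "DES-CBC3-SHA", "AES128-SHA",
                "ECDHE-RSA-AES256-GCM-SHA384"],
}
HARDENED_CONFIG = {
    "protocols": ["TLSv1.2", "TLSv1.3"],
    "ciphers": ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256",
                "TLS_AES_256_GCM_SHA384"],
}

# Assumed policy for this example, not SSL Labs' scoring rules.
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}
WEAK_TOKENS = {"RC4", "DES", "3DES", "NULL", "MD5", "EXP", "ADH", "AECDH"}
# OpenSSL-style names: ephemeral key exchange prefixes; TLS 1.3 suites
# (TLS_ prefix) always use ephemeral key exchange.
FORWARD_SECRET_PREFIXES = ("ECDHE-", "DHE-", "TLS_")


def inspect_config(config):
    """Return (category, item, reason) findings for one server configuration."""
    findings = []
    for proto in config["protocols"]:
        if proto in DEPRECATED_PROTOCOLS:
            findings.append(("protocol", proto, "deprecated protocol version"))
    for suite in config["ciphers"]:
        tokens = set(suite.split("-"))
        if tokens & WEAK_TOKENS:
            findings.append(("cipher", suite, "weak or broken algorithm"))
        elif not suite.startswith(FORWARD_SECRET_PREFIXES):
            findings.append(("key exchange", suite, "no forward secrecy"))
    return findings


def count_by_category(findings):
    """Tally findings under the three inspection categories."""
    counts = {"protocol": 0, "key exchange": 0, "cipher": 0}
    for category, _item, _reason in findings:
        counts[category] += 1
    return counts


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        results = inspect_config(cfg)
        print(name, count_by_category(results))
        for category, item, reason in results:
            print(f"  {category}: {item} ({reason})")
```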

Centrinet is offering a complimentary security diagnostic for your SSL configuration. Please contact us with your external live site today to get your first SSL grade free.

Enhance End User Experience with VDI and Profile Containers

As self-service and on-demand access of business applications continues to grow within the enterprise, the task of managing the infrastructure, networks and systems needed to support the delivery of these applications is complex and time-consuming, and often leaves IT teams overwhelmed and end users frustrated.

Slow login times, load times and latency definitely have a negative impact on your business. These are some of the leading complaints from end users leveraging VDI.

Authentication Bypass Vulnerability in Citrix NetScaler

Please contact our Operations Center if we can assist you with addressing this critical Citrix Netscaler security issue requiring updates.


5 Key Benefits of Leveraging Hyper-converged Infrastructure

Today the business world is fast paced, data-driven and digital. The demands we place on IT and the underlying infrastructure to support the ever-evolving advancement of technology are often unattainable with the legacy systems that have been in place for years. The world as we know it is more mobile, distributed and application centered and our data center needs to reflect that. You don’t want to be in a situation where you can’t meet a business need due to the technology limitations in your data center.


IT Security Best Practices: Securing Cloud Access Control

Did you know that phishing attacks targeting cloud storage services make up nearly 23 percent of all security attacks, an increase of 125 percent over the past four years? It’s a strategy fraudsters are using as they try to gain access to valuable login credentials for business cloud storage accounts.

And the problem isn’t limited to unauthorized access of vital accounts. Phishing schemes are also the most common way to deliver ransomware to systems belonging to businesses, government agencies, schools, and other critical infrastructure.

It’s an IT security challenge that will become more difficult in the next few years. That means that you, as a cybersecurity leader, must plan and implement best practices to keep your company (and individual employees) from falling victim to these schemes.


10 Website Security Best Practices You Can Implement Today

According to a recent Global Security Study from Citrix conducted by the Ponemon Institute, 69 percent of respondents believe some of their organization’s existing security solutions are outdated and inadequate. This is particularly problematic when looking at the state of cybersecurity where many vulnerabilities could be fairly easily eliminated. In order to help businesses strengthen their security profile and reduce vulnerabilities, here are 10 website security best practices that can be implemented today.

5 Essential Cybersecurity Training Courses and Certifications

Maintaining the highest level of info security for your organization and your customers depends heavily on your workforce. You need skilled employees who can prepare for, recognize, and handle cybersecurity threats.

But keeping up with the latest training courses and certifications for cybersecurity pros can be a challenge. There’s no centralized organization or one specific path to follow. You must be prepared to sift through the options and prioritize based on your business needs.

That’s why we’ve put together a list of essential cybersecurity training and certification programs. It will serve as a guide in making sure new hires have the right background and qualifications and in directing your ongoing education efforts.


What You Must Do to Ensure Enterprise-Level HIPAA IT Compliance

For enterprises that handle consumer healthcare information, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has become one of the most important regulations around data security. A lack of understanding of or commitment to HIPAA requirements has proven to be costly for a variety of organizations. For example, CardioNet, a provider of remote mobile care for patients at risk for cardiac arrhythmias, was recently ordered to pay $2.5 million in noncompliance fees for not fully implementing safeguards for electronic protected health information (ePHI).


Best Practices in IT Security Services

In just the past few years, spending on cybersecurity initiatives has soared. For example, Bank of America now boasts a “whatever it takes” attitude toward budgeting for IT security services and cybersecurity. That’s because it’s crucial for businesses to keep data secure while maintaining a network with maximum availability, productivity, and efficiency.


The Enterprise IT Security Services You Need to Stay Competitive

According to the IDG 2017 Global State of Information Security Survey, 62 percent of the 10,000 respondents use managed security services for cybersecurity and privacy. This shows that enterprises understand the need for end-to-end security and well-defined policies that align with their business objectives. Of course, this journey must start with creating a plan of action for responding to each type of threat and the specific IT security services needed to do so.
