2. Citrix.com3
David Cenciotti
Citrix Systems
Sales Engineer & Security Evangelist
Rome, Italy
david.cenciotti@citrix.com
Acknowledgements:
The Author wishes to thank all those people who helped prepare this booklet. Among them, special credits go to Antonio Marotta, who provided continuous advice and feedback, and to Massimiliano Grassi and Benjamin Jolivet, who supported the whole project. Roger Howell reviewed the initial draft whilst Emanuele Mornini, Aldo Amati, Lorenzo Di Palma and Davide Bassani provided valuable details and hints.
1. Foreword 2
2. Background 4
3. Introduction to the Model 5
3.1 Building blocks 10
4. “User Centric” 14
4.1 The App Store 15
4.2 Optimized User Experience 16
4.3 BYOD-ready 17
5. “Interoperable” 18
6. “Secure” 19
6.1 Centralized Application execution 20
6.2 Application Delivery Controller 24
6.3 Facing the “Mobility threat” 26
6.3.1 Sandboxed platforms 26
7. “Cost Effective” 29
8. A use case: the Ransomware kill chain 31
1. Foreword
Wearables used to monitor activity level and individuals’ health state. Collaboration software used to create virtual conference rooms and messaging tools connecting people through dynamic software-defined wide area networks. Data increasingly moving from on-premise to Cloud hosting environments. Software and applications provisioned on-the-fly and made available through virtualized remote sessions regardless of the connecting device’s originating network and OS (Operating System). Drones feeding real-time video to their remote operators and aircraft engines streaming TB (Terabytes) of data to remote maintenance systems.
Those mentioned above are just a few examples of how technology influences everyday business and personal life. The impact of “pervasive technologies” on today’s society is often referred to as “Digital Transformation”, part of the so-called “Revolution 4.0”, where the fusion of technologies is blurring the lines between the physical, digital, and biological spheres.
Whilst a large mix of digital technologies is making the world fully connected to improve collaboration, learning, information sharing and decision-making, companies around the world continue to invest in research and development and seek new technologies that can give them an advantage in their market. More or less what their old and new “enemies” are doing at the same speed, or faster.
For instance, today’s joint operations on the battlefield require reliable information, gathered through a wide variety of sensors aboard drones and spyplanes or provided by troops operating in the field around the world, to reach decision makers oceans apart. The digitized information is collected at the tactical edge and delivered via secure network connections to the data center, where it can be “transformed” through analytics and machine learning to generate critical insight and gain the so-called “Information Superiority”. Such insights can then be shared back to the deployed soldiers at the edge in real time. You can “translate” the above use case into any one you like.
Whilst not simple to achieve, the transformation of images and signals to data, data to knowledge, and knowledge to decision heavily relies on technology and an end-to-end secure fabric: a network of networks that APTs (Advanced Persistent Threats) may try to infiltrate by any means, including the new devices interconnected at the edge as part of the continued growth of the Internet of Things (IoT).
Moreover, a growing reliance on technology implies new advanced adversaries to face: in fact, the so-called Revolution 4.0 has already completely changed the geopolitical landscape, requiring Defense and National Security to evolve and include the Cyber domain, because even smaller economies, organizations or individuals (backed by some intelligence service or not) can pose a significant threat to larger nations today.
So, Digital Transformation is today about using mobile devices and remote sensors to collect data at the edge, transfer it to where it is needed (including a private cloud), process it to get actionable intelligence, and send the orders back to the user/operator deployed abroad in the shortest time possible: a process that requires cutting-edge technologies developed by companies that are today more exposed than ever to the new emerging threats, and increasingly need to show their ability to comply with new security standards if they want to continue working on the most advanced (hence most targeted) programs.
Attackers have been trying to intrude into Government and Private Sector firms’ networks, often with real cyber weapons, for years. “Software-based” weapons systems, IoT capabilities, Big Data, Cloud Computing and digitization will simply expand the attack surface they can target, making them even more aggressive and dangerous than ever before thanks to the speed of 5G connectivity, which will be the driver for more services as well as more powerful attacks.
Therefore, a Cybersecurity strategy covering the whole technological domain will be the key to addressing new and existing risks and threats before these can give the enemy an edge both in cyberspace and on the battlefield. And such a strategy will not have to cover “defensive” cyber operations only but also “offensive” ones. For instance, companies that have designed and developed “legacy” EW (Electronic Warfare) systems and pods are increasingly working on Cyber EW capabilities too: indeed, EW aircraft are already embedding (or are about to embed) in-flight hacking capabilities to conduct malware attacks against air-gapped closed networks.
2. Background
Personal computers, laptops and, more recently, smartphones and tablets have become the standard means humans use today to interact with one another. People rely on services delivered and made available to their device to socialize, study, work or communicate. Moreover, new non-traditional devices are continuously connected to the Internet to perform activities in an autonomous way. On the other side, organizations make devices and apps available to their employees to enhance productivity, collaboration and convenience. Each time users start an app on any of the above-mentioned platforms, they want the service to be accurate, properly formatted with a designed-for-their-device look and feel, optimized for delivery through unreliable connections, with an acceptable response time. Regardless of whether they are using the device to send an email, to check the balance of their e-banking account, to make a purchase on eBay, or to transmit sensitive data to their home base during an intelligence gathering mission, users heavily rely on the apps on their device, with confidence that they will perform as expected. Depending on the scenario, the consequences of a failure could be significant: whilst the inability to send an email could cost an organization the closure of an important deal, the failure to deliver sensitive geo-location data to the app used by a soldier involved in a Crisis Support Operation could cost a nation human lives. Needless to say, while apps set high expectations on the user side, organizations which make those apps available to their employees have to deal with a series of issues: the presence of legacy servers which support core applications, that can be difficult to update without affecting production services; budget constraints that prevent or limit the investments required to update or migrate existing applications; the number and diversity of user devices, that make monitoring, patching and updating difficult and costly to implement; the lack of high-bandwidth networks to support interactive and streaming services.
Furthermore, last but not least, organizations have to be sure they deliver the service in a timely fashion, optimizing the user experience, while preventing compromise of both remote devices and backend data. A population of several different devices can become the vector of an immense number of modern attacks capable of posing a significant threat to the organization’s most important assets, and capable of affecting the Confidentiality, Integrity and Availability properties of the information. Hence the need to deliver applications in such a way as to meet the organization’s requirements while ensuring the expected user experience and, last but not least, protecting data end-to-end in order to prevent data theft and compromise, and service disruptions.
3. Introduction to the Model
Although several different logical and physical components co-exist and cooperate on the same hardware, with different features, limits, performance, etc., user devices are usually considered as a whole: monolithic units with their own form factor, operating system, apps and network interfaces.
In fact, most of today’s systems were designed and built in the PC Era and are based on some core assumptions:
• That people use application services (made available through Public or Private networks) from their office, hence from devices interconnected to a hi-speed wired network.
• That services that IT delivers are largely designed as premise-based, built in a monolithic way and offered in suites of apps.
Over time, these assumptions have become anachronistic, forcing organizations to over-invest in terms of money and effort to manage exceptions. Mobile workers were exceptions; complex web pages with hundreds of objects, JavaScripts and large images were an exception; personal devices were an exception; wireless connectivity was an exception; cloud-based services were exceptions; and apps downloadable through an app store?
Exceptions as well. In other words, the exceptions of the PC Era have become the assumptions of the Cloud Era: regardless of the type of their “core business”, companies and organizations have to deal with a workforce where everyone is assumed to be mobile and equipped with multiple personal devices. These employees connect over wireless networks and use Apps delivered as cloud services, in the form of private, hybrid or public clouds. Social networks have become the tools to deliver new online services.
Then, there is something more to consider: the growing importance of the Internet of Things (IoT). The IoT is the inter-networking of physical devices equipped with electronics, software, sensors, actuators, and network connectivity which enable these objects (referred to as “connected things”) to collect and exchange data.
Drawing representing the Internet of things (IoT). (Credit: Wilgengebroed on Flickr via Wiki)
Based on some recent estimates, there will be about 30 Billion devices connected to the IoT by 2020.
Almost every device that is able to connect to the Internet can be considered a “connected thing”: smartphones, wearables, personal computers, refrigerators, smart meters, cars, buildings and, why not, aircraft can be considered IoT devices that communicate with one another. Smart homes are enabled by IoT devices. Just think of this scenario: a user arrives home and his car autonomously communicates with the garage to open the door. The thermostat is already adjusted to his preferred temperature, having sensed his proximity. He walks through his door as it unlocks in response to his smartphone or RFID implant. The home’s lighting is adjusted to lower intensity and his chosen color for relaxing, as his pacemaker data indicates that it’s been a stressful day.
The rise of IoT Devices (credit: BI Intelligence http://www.businessinsider.com/internet-of-everything-2015-bi-2014-12)
A map of internet outages in Europe and North America caused by the Dyn cyberattack (as of 21 October 2016 1:45pm Pacific Time). Credit: Wiki
What is somehow worrisome about the proliferation of IoT devices is the fact that most of these are poorly protected and hackable. Between September and October 2016, a botnet made of hundreds of thousands of under-secured IoT devices (mainly CCTV cameras) was used to perform one of the largest distributed denial of service (DDoS) attacks ever: a malware dubbed “Mirai” identified vulnerable IoT devices and turned these networked devices into remotely controlled “bots” that could be used as part of a botnet in large-scale network attacks. On Oct. 21 2016, the so-called “Mirai IoT botnet” remotely instructed 100,000 devices to target the DNS services of DNS service provider Dyn. As a result, much of America’s internet was brought down by the cyber-attack, because it prevented access to several high-profile websites.
A Model built around this new set of assumptions and a completely new and ever-changing scenario is ready to serve, at no incremental cost for the organization, anyone who works at the office, using a corporate-provided device, connecting to a wired LAN to use premise-based legacy apps: in other words, in the new Model, exceptions are free.
The SAM (Security Architecture Model) described in this paper is based on a layered approach. Whilst every device is made of several different components, we can consider it as made of several homogeneous abstraction layers. The layers envisioned by the Model are: User, App (Applications), OS (Operating System), HW (Hardware), Net (Network).
From top to bottom, layers represent the device’s internal or external entities with strong ties to the rest of the stack but almost independent of one another in terms of requirements: for instance, highest on the stack is the User, which includes humans and their need to obtain the best, optimized experience from the underlying layers. The User layer will ask for the required services at the expected degree of efficiency, regardless of the type of Operating System or Network he/she is using. To make it simple, each layer relies on the underlying ones even though it does not “know” anything about their existence, details, specifications, requirements, etc.
The following paragraphs will explain how the SAM can address such requirements through a layered approach.
The SAM’s layered approach overcomes the limits imposed by a monolithic model, providing a tool to deliver applications in the Cloud era in such a way that they are:
1. User Centric
2. Interoperable
3. Secure
4. Cost effective
Session Virtualization: centralized execution of any application made available to the users (regardless of their location, network or device) through a secure presentation protocol. An App Store is used to provision, download and/or launch the desired app.
Application Delivery Controller: the Front End for the virtualized applications. It’s where the policies (authentication, security, optimizations, etc.) are implemented. The ADC publishes an enterprise “App Store” from where the user can download or select the required App. It is also used to balance sessions towards the backend servers, ensuring availability of the services. Since the ADC is the network element used to access the applications, it will provide security features (content filtering, anti-DDoS, Web Application Firewall, IPS controls, etc.).
SD-WAN: the technology used to improve and optimize performance for the remote users who need to use the apps through unreliable or low-bandwidth connections. SD-WAN can also be used to “build” hybrid cloud infrastructures with local appliances interconnecting to the virtual ones provisioned through the marketplace of the main Cloud Service Providers.
Mobile Store: the controller of the apps installed on the mobile devices within a BYOD scenario. It enables the organizations to perform centralized provisioning and management of the corporate applications running on personal devices.
3.1 Building blocks
Before explaining the reasons why the Security Architecture Model is User Centric, Interoperable, Secure and Cost Effective, let’s see which are the main building blocks of the framework. Such building blocks can be either on premises or cloud-based.
Although their features and role will become clearer in the subsequent paragraphs, these are the building blocks of the SAM:
Unified Management and Analytics plane: the SAM leverages unified management, reporting and collecting tools, as well as machine learning, to provide IT managers the tools to manage all the components and devices, and to monitor the performance of the entire infrastructure. Deployed either on premises or in the Cloud, the Analytics tools help IT and security professionals gain complete visibility into what’s happening throughout the entire environment. It is based on the best algorithms to provide a complete view of user behavior, track irregularities in their behavior, and deliver automated remedies that are appropriate for a given security policy.
Citrix’s SAM to secure app delivery
These are the main architectural components of the SAM. Complementary components can be deployed as well: for instance, an Enterprise File Sync and Share System can be used to secure data sharing operations, implement DLP policies, etc. This paper will focus on the benefits that the framework may bring to organizations that opt for a Security Architecture Model rather than providing product specifications or in-depth overviews of the technologies that can be used to implement it.
In Citrix’s “lingo”:
• Application Virtualization (that implements session virtualization) is deployed using XenApp (Virtual Desktops are similarly deployed using XenDesktop)
• The App Store is published using Storefront
• The Application Delivery Controller is NetScaler ADC, while the SD-WAN technology for WAN Optimization and WAN Virtualization is NetScaler SD-WAN.
• The Mobile Store is part of the EMM (Enterprise Mobility Management) suite XenMobile.
• The Unified Management and Visibility Plane is the Citrix Analytics Service as well as the NMAS (NetScaler Management and Analytics System).
Organizations can opt for Citrix technologies to be deployed either in the Cloud or on-premises.
What’s unique for Citrix is the actual data that our tools bring from the environment. NetScaler gives visibility into networking levels four through seven. ShareFile understands what’s happening with content: how it is being downloaded and how it is being moved. XenMobile, XenApp, and XenDesktop provide visibility into what’s happening at the endpoint, how people are accessing information, and what tasks they are actually performing. Only Citrix has this kind of complete integration across the entire workspace.
Citrix’s vision is to collect data from just about every point in the enterprise to provide a complete 360-degree view into the enterprise. This will then allow us to proactively react to any threats as they come.
4. “User Centric”
Applications are designed around humans and their need to use software to perform any kind of task. This means that myriad apps have been developed to meet everyone’s requirements. There are apps for Business and Productivity, Collaboration and Sharing, Engineering, Scheduling, Health and Wellness as well as Gaming, Simulation, Music, Photo-editing, etc. In a certain sense, people have become app-dependent and the User perspective has become increasingly important.
Access to a virtual, secure workspace where a user is able to self-provision the apps he/she needs to use, over any network and any device - and wherever the service is hosted - has become a new requirement.
An application delivery solution must be defined using technologies that set the users at the center, leveraging their common use habits with both personal and professional devices and networks. IT Organizations have to provide their users with secure access to Corporate Applications (Windows, Web, SaaS and mobile) seamlessly and allow these business-critical assets to securely co-exist with personal content on the same device.
We can set a mandatory list of features, based on the previous statement, that define a user centric application delivery:
• Users must be able to move between heterogeneous devices and networks to access the same applications.
• Users need to access all of the content through a secure, simple interface (an Application Store or “App Store”)
• Users need to access services with an optimized experience (in terms of performance)
4.1 The App Store
Users expect to access applications with the same ease with which they open a video on YouTube and with the same level of security ensured within the context of an online credit card payment. The user interface in a SAM must remove complexity and make interaction between users and backend systems simple and secure. Moreover, the user interface must ensure ease of use and security regardless of the location from which the user accesses the application, hence the need for a unified application store, available over an encrypted connection, where the user, after proper authentication (one or two factors, with OTP, certificates, biometrics etc.), can download the preferred apps, using an interface that remains user-friendly and with the same look and feel on every device. Users must be given the possibility to subscribe to applications or data services from any device and have access to those same services, even when already in use, from any other device for a seamless and simple experience. Needless to say, the App Store (and similarly, the “Mobile Store” for mobile apps delivered to personal mobile devices) can be made available through a Private, Hybrid or Public Cloud, making it Cloud-ready.
This is how the “App Store” can look using Storefront
4.2 Optimized User Experience
The other requirement of an optimal user experience is the comparison with applications installed on local endpoints. A User-centric application delivered to a mobile device, through a public or private network, via a SAM which presents users a sort-of “App Store”, must be able to deliver the same performance, in terms of multimedia content, real-time audio and video collaboration, graphics (2D and 3D) and peripheral support, as that of local applications delivered at LAN speeds. For this reason, when particular conditions are matched (e.g. high latency networks, packet loss, low bandwidth etc.), embedded WAN optimization capabilities play an important role in the SAM to ensure acceptable performance and efficiency where a traditional distributed application architecture would certainly fail.
If multiple links interconnect the datacenter to the branch office from where a user is accessing the application, WAN virtualization can be used to create a network overlay and improve the user experience by using aggregate throughput, per-packet routing decisions as well as QoS (Quality of Service) policies.
SD-WAN sample architecture
Whilst WAN Optimization can be performed per single link, when more than one link is used WAN Virtualization becomes available. In the above image, the organization leverages SD-WAN to optimize and route ICA virtual channels so that the most demanding ones use the best connectivity.
4.3 BYOD-ready
Willing or not, organizations have already embraced or will soon be forced to embrace Bring-your-own-device (BYOD) programs that let employees use their personal devices to access corporate information or perform work tasks. The opportunity to use their iPhone, Android phone or tablet of choice for their daily activities offers productivity as well as satisfaction benefits. Employees, executives, but also military personnel in the field: everyone increasingly expects to use the mobile hardware and software they feel works best for them.
Thanks to an approach that decouples the devices into several independent layers, organizations can manage access from personal devices to corporate environments through a “Mobile Apps Store”, regardless of the device’s hardware, operating system and existing apps.
However, BYOD has “cons” because using personal devices in corporate environments brings security risks. Whilst corporate devices are usually managed through an MDM (Mobile Device Management) solution, organizations embracing BYOD policies can manage “just” the corporate applications, without knowing the exact device they are running on, by means of MAM (Mobile Application Management) solutions. Most of these solutions rely on “containerization” techniques to put the enterprise applications and data within a sandbox on the device, preventing personal applications from interacting with them and vice-versa, thus mitigating the risk of data leakage or malware infection.
We will discuss this topic further in the specific chapter about security.
5. “Interoperable”
Our SAM model separates each of the components into different containers, isolating the delivery and management of apps from the underlying devices, making it easier to meet the demands of IT without adding additional complexity. Application delivery no longer has to be directly related to the physical device.
Apps can be delivered on-demand, to any type of device, regardless of the underlying operating system and form factor, enabling users to get access to what they need when
The SAM model allows Organizations to deliver Apps as secure mobile services. And IT can mobilize the business, increasing user productivity while reducing costs by centralizing control and security of intellectual property. In this model, we can deliver high-performance apps (even legacy ones, that may be difficult to update) to any PC, Mac, laptop, tablet or smartphone, enabling the delivery of a native experience that is optimized for the type of device, as well as the network.
We can build a hybrid cloud-ready platform that separates the management plane from the workload to enable IT to securely deliver published apps on-premises, and manage workers and mobile workspaces either on-premises or in the cloud.
The model leverages application virtualization, allowing organizations to install applications on a server and then access those applications without having to install anything on the client apart from the client software. All the processing is done by the server. All data passing between the client and the server is mouse clicks / movement and keystrokes; and all that passes between the server and the client is screen refreshes. To the users, it (mostly) looks and feels like the application is running locally on their client operating system.
6. “Secure”
While it ensures an optimized user experience from any device, any place and any network, and plain interoperability with the existing environments, the application delivery architecture must ensure information security. We live in times of cyberwar, with daily headlines announcing data breaches, zero-day attacks, new malware and widespread disruptions. Modern work styles, with increasingly mobile employees using their own devices from remote offices, home offices, hotel rooms or Internet kiosks, make it particularly challenging to protect the organization’s most important assets from today’s attack vectors.
For this reason, the SAM must ensure Confidentiality, Integrity and Availability of the organization’s data.
6.1 Centralized Application execution
As already mentioned, the SAM is based on application session virtualization to dramatically simplify critical security tasks (access control, data protection, etc.). Besides the advantages related to cost reductions, simplified IT operations and the ability to deliver new services for users, application and session virtualization has a huge impact on information security as well: whilst clients access centralized services using an optimized and secure presentation protocol, applications are executed in the datacenter, where data security policy can be enforced.
As long as the applications (clients) and their backend (e.g. databases) reside in the same datacenter, security and performance are guaranteed even if user access is from remote, distant or uncontrolled locations. The security advantages of a centralized application model are extremely relevant; the architecture is intrinsically secure because the amount of data transferred outside the organization’s datacenter decreases sharply, without the need to implement complex security features or products.
This approach leverages a secure presentation protocol (ICA) where only screen variations, mouse and keyboard inputs are transmitted between the datacenter and the user device. Data is never transferred over the network; if data transfer is allowed, data is encrypted so as to prevent data leakage or eavesdropping and man-in-the-middle attacks, and to mitigate all kinds of “data in motion” threats.
With application centralization, the focus of security moves from the endpoint (where no sensitive data resides) to the datacenter itself: network and host security solutions are more powerful and effective than the local security software installed on the endpoints. Also, the operational aspects of data protection benefit from a centralized approach; backup and monitoring are simpler and more efficient in a centralized environment. Actually, centralized application execution can be seen from two different standpoints. The most common use case is the one described above: users in an Untrusted zone who require the use of applications delivered from inside a Trusted zone (the datacenter).
The standard Virtual App /Virtual Desktop (VDI) paradigm
The other use case, which leverages the very same centralized application execution, is Secure Browsing: giving access to the Internet (Untrusted environment) from internal workstations (thus located in a Trusted environment). Although this is the reverse paradigm of the most frequent use case, the Secure Browsing scenario, where the Browser is the published App used to navigate the Web, may provide many benefits to organizations: by preventing direct access to the Internet by the users, it protects internal machines from ransomware and other malware that can be downloaded from malicious websites.
The Secure Browsing scenario
Considering that 90% of malware is today delivered via web browsing, Secure Browsing is a rather more innovative approach than the “legacy” one, which would imply the use of standard browsers, with all the recommended patches, through a proxy that enforces restrictive policies, leading to over-configuration and poor user experience.
With the Secure Browsing architecture (which can be part of the SAM) the malware can only infect the VM where the virtual browser is running, without reaching the actual workstation, safeguarding the entire organization from ransomware. Moreover, if the hypervisor used to host the virtual apps supports HVI (Hypervisor Introspection), this can be used to monitor critical memory accesses within the Guest VM from the hypervisor’s level of privilege.
This is an example of SAM to support Secure Browsing
Bitdefender HVI (Hypervisor Introspection) can be used on XenServer to monitor activities inside the Guest VMs (such as XenApp)
Citrix XenServer is used as the preferred hypervisor in this architecture as it includes a new unique security feature called XenServer Hypervisor Introspection, which enables third party security companies to leverage memory introspection techniques: partner vendors, such as Bitdefender, can integrate with XenServer and work with the raw memory, without any in-guest (VM) agents.
The use of XenServer and Bitdefender HVI protects in-guest memory for real-time analysis: the hypervisor provides isolation if the VM instance is compromised. HVI relies on detecting attack techniques rather than relying on a pre-existing pattern file. Moreover, working outside the Guest VM, it can detect malware that may hide itself from in-guest anti-viruses.
6.2 Application Delivery Controller
As already mentioned, an Application Delivery Controller (ADC) is required to “publish” virtualized services to the users. The purpose of these ADCs is to proxy encrypted sessions from the clients to the backend services and, if needed, to load balance real servers in order to ensure availability of the information requested by the users. Modern ADCs can significantly improve application security, not only by ensuring services are always available, but also by providing anti-DDoS and content filtering capabilities. Moreover, the ADCs, acting at the Aggregation and Brokering layer of an IoT architecture, can act as an IoT gateway, enforcing device pre-authentication, surge protection, IoT Load Balancing, Filtering and Firewalling.
Citrix NetScaler’s Next-Gen ADC supports features required to prevent and mitigate IoT attacks.
In the SAM framework, ADCs enforce Web Application protection by means of a Web Application Firewall, whose role is to complement the policies enforced by a perimeter Firewall with application-specific controls aimed at protecting the “App Store” and the other Web-based and XML services from zero-day and known attacks. Furthermore, within any network infrastructure, unlike “traditional” Firewalls and Intrusion Prevention Systems, ADCs are the only devices which constantly “talk” with the backend services and monitor their health state: this means that they can also protect datacenter applications from surges of legitimate traffic by detecting overloaded server CPUs and redirecting traffic to less loaded servers before backend systems collapse.
ADCs are obviously particularly important when it comes to Disaster Recovery and Business Continuity: DNS-based Load Balancing in active-active or active-standby modes ensures that the FQDNs of services published through the ADC can be reached on the primary datacenter or on the DR site. If a service disruption occurs at the primary datacenter, the ADC with DNS authority will respond to queries for a specific service with the address of the DR datacenter, preventing the loss of availability of the organization’s information and data.
Moreover, within the context of a SAM, the ADC provides a single point of management for controlling access and limiting the actions allowed to users. Access can be limited based on the security posture of the endpoint, determined by scanning the remote device to check whether the antivirus is updated, the hard drive is encrypted or the personal firewall is enabled. Based on the security scan, the device can be allowed to access internal applications; otherwise it can be restricted to a subset of apps, or redirected to a remediation site.
In Citrix’s SAM, NetScaler ADCs act as Layer 4 and Layer 7 proxies that feed the Management and Analytics System so that real-time analysis and machine learning can deliver automated remedies.
6.3 Facing the “Mobility threat”
Mobility and BYOD scenarios present significant challenges, the most significant of which is probably security. Enterprises that open their gates to personal devices and applications must find ways to protect the organization from: unknown or “rogue” devices connecting to their corporate network; malware spread by mobile applications and websites that infects the enterprise network; personal mobile applications that gain access to corporate content such as contacts, business applications and data; unprotected public WiFi networks used to transmit sensitive enterprise information; leakage of sensitive enterprise information via personal or enterprise mobile email and social networking sites; and so on.
Securing mobile devices and their connections from these threats
requires a comprehensive enterprise mobile management strategy
employing a raft of powerful tools, including mobile device management
(MDM), mobile application management (MAM), secure file-sharing and
mobile data loss prevention (DLP) solutions.
MDM tools allow IT teams to discover, track and manage mobile devices and
applications throughout their life cycles, much as they do with corporate
issued devices.
MAM solutions create a barrier between personal and corporate applications
and data so the latter are protected from the vulnerabilities and hazards of
the former.
Secure file-sharing solutions let users access and collaborate on the latest versions of their most important files, much like Dropbox and other consumer file-sharing services, but ensure that sensitive enterprise information is not compromised.
DLP solutions prevent users from divulging sensitive enterprise information
to the wrong people, either intentionally or unintentionally.
Mobile application management was born quite recently, focusing on securing and managing an application as an individual component, offering a similar set of policies and user-experience management, but only active when the particular application is accessed. This in turn has evolved to include app-level control of secured “MicroVPNs”, inter-container communication and encrypted sandbox containers: an integral part of any mobile solution should include an application delivery controller used to terminate such MicroVPNs.
6.3.1 Sandboxed platforms
The definition of a sandbox is quite intuitive: running untrusted code in an area with controlled resources. Consumerization demands software delivered on any platform, anywhere, as fast as possible. This behavior could leave the software prone to security issues. The sandbox could be the answer. The sandbox concept has been around for a while. In 2000, the NSA was already working on SELinux, and during that period SELinux was released to the open-source community. Today SELinux is present in almost all Linux enterprise distributions. SELinux is just one example of a sandbox. The term sandbox is often used in almost all IT areas, but in the “anyness” concept that this paper is talking about, the sandbox is of primary importance. Actually, sandbox is a “high-level” term; how it is implemented can vary greatly. Nowadays the EMM approach is to use a mix of a cryptographic layer and a syscall proxy. Cryptography is usually used to separate the personal data from the enterprise data: data at rest is usually encrypted with a symmetric algorithm like AES-256 (FIPS 140-2 compliant) for its relatively low computational cost and robustness; data in motion for enterprise apps is secured by means of microVPNs.
Mobile users can use mobile applications made available by a Store that is optimized for smartphones or tablets. The above image shows the Mobile Store and MDM client (dubbed “Citrix SecureHub”) on an iPad.
Data in motion: micro-VPNs are used to sandbox this kind of data. A micro-VPN is a VPN exclusive to a single enterprise app. Syscall proxy is instead a technique implemented a long time ago. The main idea is to create a layer between the OS and the app that lets IT admins manage every single syscall. For example, when the mobile app tries to store data, the syscall proxy intercepts the action and stores the data as ciphertext, and vice versa when the data is read back.
7. “Cost Effective”
The Security Architecture Model offers several benefits. First of all, it reduces the complexity and effort required to manage apps, infrastructure and devices, and lets organizations manage heterogeneous IT environments as if they were homogeneous.
By centralizing application delivery, organizations simplify the way they manage software deployment, obtaining several advantages:
• There is no need to install an application on hundreds or thousands of computers or devices. The application is installed in the datacenter and delivered to all the clients.
• There is no need to update apps on all desktops, as only the virtualized applications at the central datacenter must be patched or upgraded, with significant savings in terms of effort, downtime, etc.
• The entire application lifecycle is centrally managed: when it’s time to retire an app, the organization can simply delete the virtual app, as there is no need to uninstall it.
• Apps can be used on unmanaged client devices with no impact on internal teams.
• Apps can be easily restored or reset, reducing the effort required by help desk and support teams managing trouble-tickets opened by users.
• The computational power required to run the app is minimal, as all the user needs on his device is a client to launch the virtualized session towards the centralized application.
• Legacy apps can run on more modern devices without compatibility issues.
• Modern Application Delivery Controllers provide security features (such as the already mentioned Web Application Firewall and anti-DDoS checks); this means customers can consolidate reverse-proxy, web application security and load balancing features on a single (sometimes multi-tenant) box.
• WAN acceleration may improve user experience by optimizing the existing bandwidth, without the need to upgrade the links.
• WAN virtualization features, increasingly available on WAN Optimization platforms, enable organizations to bind several different links into a single tunnel (transparent to servers and users) and select the best link (xDSL, MPLS, 3G/4G/5G, etc.) on a packet-by-packet basis. This means that organizations can increase the bandwidth available to datacenters by binding different links instead of upgrading the existing (sometimes costly) ones.
• There are also some “hidden” benefits induced by the improved security: since corporate apps are sandboxed and separated from the rest of the device, malware can’t spread to corporate data, preventing loss of confidentiality and integrity of core information, whose leakage could be very costly to the organization.
8. A use case: the Ransomware kill chain
Beginning on Friday May 12th 2017, several organizations were affected by a new ransomware strain based on the EternalBlue exploit developed by the NSA in the U.S. Several large organizations worldwide are known to have been affected. While large enterprises made the news, small business users and home users may have been affected as well. Since then, several more waves of ransomware attacks have hit organizations with WannaCry and variants like Petya or PetrWrap. How did they get infected?
The attack included three phases: Infection, Distribution and
Extortion.
1. Some organizations suggest that the initial Infection originated from e-mail attachments, but little is known about the e-mails. It is easily possible that other malware was confused with WannaCry. Anyway, a spear phishing attack or unsafe navigation brought the user to a web site where the malware was downloaded. The malware started encrypting the data on the workstation.
2. The Distribution occurred via the network: the ransomware was distributed to all local machines through network reachability: an unpatched workstation reachable through SMB could be attacked and infected.
3. The Extortion occurred after all data was encrypted and a ransom was demanded to get the key required to decrypt it.
How would Citrix technologies have helped in case of a ransomware attack?
In order to prevent Infection and Distribution, Secure Browsing using XenApp running on XenServer with Bitdefender HVI would be extremely effective.
Citrix XenApp has been used by many customers worldwide to provide access to Internet resources with the appropriate level of segmentation: even if malware is successful during the initial infection, it will reside in a non-persistent, isolated zone where it can be easily destroyed. Moreover, Hypervisor Introspection would prevent the initial exploit from being executed, making the initial attack and infection unsuccessful. This protection would work even on an unpatched system or against another zero-day exploit that uses a similar method. If such measures were not enough to prevent the infection and distribution of the ransomware, an enterprise data sync service like Citrix ShareFile can be of great advantage in recovering from a successful attack.
The versioning functionality keeps previous versions of each file, so IT can revert impacted files to the last known version from a centralized backup.
ShareFile can help recover from an attack by replacing the encrypted file with the previous version, stored in a centralized backup. In case of infection, the IT manager could simply apply the patch, release a new image to all machines, reset the whole environment to the last known state, and then simply recover the last known version of the files.
ShareFile would also be useful in preventing the attack:
• supporting various antivirus vendors that can automatically scan all uploaded files and data
• providing APIs for third-party cloud security platform partner access for advanced anti-malware checks
• providing a server-side detection feature that detects when file extensions are changed and can prevent the client from overriding the server data.
Moreover, Citrix App Layering provides the ability to quickly patch large numbers of computers with a few clicks, enabling fast recovery and improving response times in case of a malware attack.