There’s recently been a fair amount of discussion on security and Presentation Server installation, with some insightful responses (see Brian Madden’s blog entry). One point about the original posting: it was concerned with attacks from authenticated users only. An Internet attacker has to jump the authentication hurdle first. That’s why strong authentication is so important for Internet-facing deployments.
The book Citrix Access Security for IT Administrators (ISBN-13: 978-0-07-148543-2) is a great resource for planning and securing your setup. Several Internet-facing configurations are described. It doesn’t cover everything: we had to leave out Access Gateway because it didn’t fit the editorial timetable; and those with specific regulatory requirements will also want to refer to the Common Criteria documentation, and the Security Standards and Deployment Scenarios documents, at https://www.citrix.com/security.
And yes, this edition of the book covers Presentation Server 4.0. We’d love to do a second edition for Presentation Server 4.5 and later. Getting into print is a lot of work, so we’d like to know first whether you like this kind of security material in book form, or delivered some other way. The Common Criteria documentation and the Security Standards and Deployment Scenarios document are already posted for Presentation Server 4.5. Let us know your thoughts.
Also, since this book was written, we launched the Citrix Ready program. Take a look at the Citrix Ready Products Guide for third-party information – there’s a section for security products.
Finally, consider whether SmartAuditor is a good fit to your organization. It’s a powerful tool for addressing the risks from authenticated users. At this time, it is a feature of the Platinum Edition of Presentation Server – see Citrix Presentation Server Editions.