Securing Outlook Web Access (OWA) 2013 with NetScaler AppFirewall




Solution Guide

This solution guide provides guidelines for securing Exchange 2013 Outlook Web Access (OWA) with NetScaler Application Firewall.

Citrix NetScaler AppFirewall is a comprehensive ICSA certified web application security solution that blocks known and unknown attacks against web and web services applications. NetScaler AppFirewall enforces a hybrid security model that permits only correct application behaviour and efficiently scans and protects against known application vulnerabilities. It analyzes all bi-directional traffic, including SSL-encrypted communication, to protect against a broad range of security threats without any modification to applications.

Introduction

NetScaler AppFirewall technology is included in and integrated with Citrix NetScaler MPX and VPX, Platinum Edition, and is available as an optional module that can be added to NetScaler MPX appliances running NetScaler Enterprise Edition. NetScaler AppFirewall is also available as a standalone solution on some NetScaler MPX appliances. The stand-alone NetScaler AppFirewall models can be upgraded via software license to a full NetScaler Application Delivery Controller (ADC).

Microsoft OWA 2013 is a web-based email client that enables users to access emails and contacts, and to share a web calendar. It is supported by all major browsers.

To implement OWA security, the Citrix NetScaler application firewall offers an easy-to-configure security solution using the hybrid model. A set of built-in signatures with auto-update support offers protection against the WEB-IIS vulnerabilities. Deep protections such as the Buffer Overflow, SQL Injection and Cross-Site Scripting security checks can effectively thwart any attempt to exploit application vulnerabilities. Each request is inspected to identify any malicious content, and specified actions are taken to either block such content or render it harmless by transforming it.

This guide focuses on defining the guidelines for securing OWA 2013 access with Citrix NetScaler AppFirewall.

The product versions described here are:

Product                                      Version
NetScaler (AppFirewall Integrated Module)    10.5 (Enterprise/Platinum License)
Microsoft Exchange Server/OWA                2013

Summary of Steps

1. Create a service for local virtual server.
2. Create load balancing virtual server.
3. Create signatures for the application firewall and enable the built-in rules in the web-iis category.
4. Create an application-firewall profile.
5. Configure the profile's security checks to enable Buffer Overflow, XSS and SQL Injection protections.
6. Configure the profile's settings to bind signatures and exclude file uploads from inspection, to prevent false positives.
7. Create an application firewall policy with an expression that identifies the traffic flowing to and from the application, and an action that applies the configured profile's protections to the traffic.
8. Bind the policy to the load balancing virtual server.
9. Monitor logs and tweak the configuration. Deploy relaxation rules to avoid false positives if needed.

Deployment guidelines

Creating a Service

If it does not already exist, create a service bound to the OWA service on port 443 (the IP provided will normally be that of the client access server (CAS) in your Exchange 2013 setup). Specify the protocol as SSL and the port as 443 (or an alternate port as per your Exchange server configuration).

Create and add a load balancing virtual server

Add a load balancing (LB) virtual server (vserver) that the OWA service created earlier will be bound to. The protocol should be set as SSL and port should be 443, or any alternate port as per your Exchange server setup.

Bind the service created earlier to the LB along with the required SSL certificates by clicking on the Services and Service Groups tab in the Basic Settings screen for the LB vserver.

Application Firewall Configuration

Make a copy of the application firewall default signatures by clicking on Export under the Action dropdown on the AppFirewall Signatures screen at Security > AppFirewall > Signatures.

Now, add a signature by clicking on Add above, then edit the name and add comments so that the rule is distinguishable. Use the Show/Hide button to select web-iis to isolate all the rules for this Category. By default the signature rules are disabled. Click the down-arrow on the Action button, and select Enable All Searched Rules to enable all the selected rules. (The following example shows owa_sig as the signature name.)

Add a basic application firewall profile for the OWA application by navigating to Security > Application Firewall > Profiles and clicking on Add. Use a meaningful name to keep track of the purpose of the profile. Set the profile type to Web Application and Defaults to Basic. (The following example shows owa_profile as the profile name.)

Configure the security checks of the newly added profile by clicking on the profile name and clicking on Edit on the profile list page. Enable the Block, Log, Learn, and Stats actions for the SQL Injection and Cross-Site Scripting checks. Enable the Block, Log and Stats actions for the Buffer Overflow check. Disable all actions for the rest of the security checks.

Configure the profile's settings. Bind the signatures to the profile and select the check box for Exclude Uploaded Files from Security Checks.

Now, navigate to Security > Application Firewall > Policies > Application Firewall Policies. Create an application firewall policy for the OWA profile and bind the policy to the LB vserver.

The following example uses the expression HTTP.REQ.HOSTNAME.EQ("www.mail.com") to select the target traffic. (Replace www.mail.com with your email domain.)

On the policy listing screen, select the newly added policy and click Policy Manager. From the Bind Point options, select Load Balancing Virtual Server. The Virtual Server field now becomes visible. From this field's drop-down list, select the OWA virtual server that you created earlier. Click Continue to display the Bind Point pane.

In the Select Policy field, click the arrow to display the policy options. Select the OWA policy and click Select. Click Bind. Now, in the Bind Point pane, click Done.

In the Application Firewall Policies pane, refresh the page. A green check mark appears in the Active column to indicate that the policy is now active.

The Microsoft OWA application is now protected by the application firewall. You can monitor /var/log/ns.log to verify whether any violations are being detected, and fine-tune the security check configuration by adding relaxation rules if needed.

Conclusion

Citrix NetScaler AppFirewall enables a completely secured application delivery experience for enterprises with Outlook Web Access by utilizing the right mix of licensing and policy/rule/signature definitions. With the recommendations provided in this guide, enterprises can expect a secure experience while providing continued access to email, calendar, tasks and other essential business information to their employees and partners.

Copyright 2015 Citrix Systems, Inc. All rights reserved.
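The log-monitoring step above (watch /var/log/ns.log for violations, then add relaxation rules where needed) can be triaged with a short script. This is an added example, not part of the Citrix guide: the log line layout, the sample lines, and the "several distinct clients" heuristic are assumptions, while owa_profile and www.mail.com are the names used in the guide.

```python
import re
from collections import defaultdict

# Assumed layout of a native-format APPFW message in /var/log/ns.log:
# ... APPFW <CHECK> <id> <n> :  <client> <ppe> <session> <profile> <url> <message> <action>
LINE_RE = re.compile(
    r"APPFW (?P<check>APPFW_\w+) \d+ \d+ :\s+(?P<client>\S+) \S+ \S+ "
    r"(?P<profile>\S+) (?P<url>\S+) (?P<msg>.*) <(?P<action>[^<>]+)>\s*$"
)
FIELD_RE = re.compile(r"for field (?P<field>[^=\s]+)=")

# Constructed sample lines: addresses, session ids and field names are made up.
SAMPLE_LOG = """\
Jan 12 10:01:02 <local0.info> 192.0.2.10 01/12/2016:10:01:02 GMT ns 0-PPE-1 : APPFW APPFW_SQL 101 0 :  198.51.100.7 55-PPE1 sessA owa_profile https://www.mail.com/owa/service.svc SQL Keyword check failed for field Subject="select" <blocked>
Jan 12 10:04:40 <local0.info> 192.0.2.10 01/12/2016:10:04:40 GMT ns 0-PPE-1 : APPFW APPFW_SQL 102 0 :  198.51.100.23 61-PPE1 sessB owa_profile https://www.mail.com/owa/service.svc SQL Keyword check failed for field Subject="union" <blocked>
Jan 12 10:09:13 <local0.info> 192.0.2.10 01/12/2016:10:09:13 GMT ns 0-PPE-1 : APPFW APPFW_XSS 103 0 :  203.0.113.99 70-PPE1 sessC owa_profile https://www.mail.com/owa/auth/logon.aspx Cross-site script check failed for field q="Bad tag: script" <blocked>
Jan 12 10:09:15 <local0.info> 192.0.2.10 01/12/2016:10:09:15 GMT ns 0-PPE-1 : APPFW APPFW_BUFFEROVERFLOW_URL 104 0 :  203.0.113.99 70-PPE1 sessC owa_profile https://www.mail.com/owa/ URL length(1500) is greater than maximum allowed(1024). <blocked>
Jan 12 10:11:00 <local0.info> 192.0.2.10 01/12/2016:10:11:00 GMT ns 0-PPE-1 : APPFW APPFW_SQL 105 0 : 198.51.100.7 55-PPE1 sessA other_profile https://intranet.example/ SQL Keyword check failed for field id="select" <blocked>
"""

def parse(log_text, profile="owa_profile"):
    """Return one dict per APPFW violation logged for the given profile."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["profile"] != profile:
            continue
        f = FIELD_RE.search(m["msg"])
        events.append({**m.groupdict(), "field": f["field"] if f else None})
    return events

def relaxation_candidates(events, min_clients=2):
    """Heuristic: a (check, url, field) blocked for several distinct clients
    looks like normal application traffic and deserves review for a relaxation
    rule; a hit from a single client does not."""
    clients = defaultdict(set)
    for e in events:
        if e["action"] == "blocked" and e["field"]:
            clients[(e["check"], e["url"], e["field"])].add(e["client"])
    return sorted(k for k, v in clients.items() if len(v) >= min_clients)

if __name__ == "__main__":
    for key in relaxation_candidates(parse(SAMPLE_LOG)):
        print("review for relaxation:", key)
```

A candidate is only a prompt for review: confirm that the flagged field carries legitimate user content before relaxing the check for it.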