Sophisticated Adversary Capitalizes on Citrix ADC Servers

March 5, 2023

A sophisticated adversary has exploited Citrix ADC servers, causing serious problems for organizations around the globe. The attacker was able to steal credentials from thousands of users, gain access to data and launch further attacks. Make sure your organization has the proper security measures in place so that the same does not happen to you. Below are some ways to keep your ADC servers secure.

Citrix ADC Servers Security Measures

There are many security precautions to be aware of when deploying Citrix ADC servers. You should enable the Secure option, install a TLS certificate suited to your deployment, change the default password and verify that the configuration is correct.

Assign the appliance a private IP address when you configure it. Administrative access is then set up with SSH keys; if a user forgets their password, the SSH keys can still be used to gain access to the ADC.

Citrix ADC appliances support Multipath TCP, an extension of the TCP/IP protocol that uses multiple paths between hosts. This adds resilience against TCP congestion. Make sure that your TCP profile is configured correctly.

For enhanced security, Citrix recommends configuring the SSL VIP with a secure SSL/TLS protocol version and a strong encryption key. Citrix also recommends encrypting HTTP cookie persistence and load-balancing persistence cookies.

Also, ensure that the emergency “break glass” account uses a strong password. The password must be at least 8 characters long and include a special character.

Configuring GSLB

Global Server Load Balancing (GSLB) is a powerful service that balances traffic between Citrix ADC’s virtual and physical servers. The service is only useful if it is configured properly. What are the steps for configuring it?

GSLB connects your Citrix ADC with sites that are close to your users, which also provides disaster recovery. The system sends client requests to the closest GSLB site, allowing clients to request assistance from their internal network.

GSLB can be created either internally or externally. You should have a separate GSLB server for each DNS name you want to protect. You can, for example, create one service for but keep it separate for other DNS names.

Optimizing ADC Servers

The following tips can help you increase the security of your Citrix ADC servers and of your network as a whole, and stop attacks. It is also important to understand how to protect your appliance against both physical and virtual attacks. You can restrict access to specific IP addresses or devices, and create Access Control Lists.

You can, for example, limit RPC traffic using the NITRO API. This prevents attackers from reaching command-and-control software or devices on the other side of the wire.

You can also distribute TLS certificates to users to increase security and allow them to connect to the web server via HTTP. Although it requires user interaction to establish a connection, this provides the same level of security.

You can configure the ADC’s logging options to improve visibility and reporting. Syslog is available as a logging option and can be used to detect and respond to threats. You can also use the alerts function to monitor and identify specific events.
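To show what “respond to and detect threats” from syslog looks like in practice, here is an added example (not from the original post and not Citrix code) that parses authentication audit messages and flags a source address that fails logins for several different usernames in a short window, the pattern a credential-theft campaign leaves behind. The log lines are constructed for this example and only approximate the layout of Citrix ADC AAA audit messages; adjust `LOGIN_RE` to samples from your own appliance before relying on it.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines. The layout is modelled loosely on Citrix ADC
# AAA audit syslog output; the exact field order on a real appliance may
# differ, so check LOGIN_RE against your own logs.
SAMPLE_LOG = """\
03/05/2023:10:00:01 GMT adc1 0-PPE-0 : default AAA LOGIN_FAILED 101 0 : User admin - Client_ip 203.0.113.7 - Failure_reason "Invalid credentials"
03/05/2023:10:00:03 GMT adc1 0-PPE-0 : default AAA LOGIN_FAILED 102 0 : User admin - Client_ip 203.0.113.7 - Failure_reason "Invalid credentials"
03/05/2023:10:00:04 GMT adc1 0-PPE-0 : default AAA LOGIN_FAILED 103 0 : User root - Client_ip 203.0.113.7 - Failure_reason "Invalid credentials"
03/05/2023:10:00:05 GMT adc1 0-PPE-0 : default AAA LOGIN_FAILED 104 0 : User test - Client_ip 203.0.113.7 - Failure_reason "Invalid credentials"
03/05/2023:10:00:06 GMT adc1 0-PPE-0 : default AAA LOGIN_FAILED 105 0 : User guest - Client_ip 203.0.113.7 - Failure_reason "Invalid credentials"
03/05/2023:10:00:30 GMT adc1 0-PPE-0 : default AAA LOGIN 106 0 : User alice - Client_ip 10.0.0.12
03/05/2023:10:01:10 GMT adc1 0-PPE-0 : default AAA LOGIN_FAILED 107 0 : User bob - Client_ip 10.0.0.30 - Failure_reason "Invalid credentials"
03/05/2023:10:20:00 GMT adc1 0-PPE-0 : default AAA LOGIN_FAILED 108 0 : User bob - Client_ip 10.0.0.30 - Failure_reason "Invalid credentials"
"""

# Captures timestamp, event type, username and client address from one line.
LOGIN_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}:\d{2}:\d{2}:\d{2}) GMT \S+ \S+ : default AAA "
    r"(?P<event>LOGIN_FAILED|LOGIN) \d+ \d+ : User (?P<user>\S+) - Client_ip (?P<ip>[\d.]+)"
)


def parse_events(text):
    """Return a list of dicts for every line that looks like an AAA login event."""
    events = []
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if not m:
            continue  # unrelated syslog line, ignore
        events.append({
            "ts": datetime.strptime(m["ts"], "%m/%d/%Y:%H:%M:%S"),
            "event": m["event"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect_password_spray(events, threshold=5, window=timedelta(minutes=1)):
    """Flag source IPs with at least `threshold` LOGIN_FAILED events inside any
    sliding window of length `window`; report how many distinct usernames were
    tried, which separates a spray from one user mistyping a password."""
    failures = defaultdict(list)
    for ev in events:
        if ev["event"] == "LOGIN_FAILED":
            failures[ev["ip"]].append(ev)

    alerts = {}
    for ip, evs in failures.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                users = {e["user"] for e in evs[start:end + 1]}
                prev = alerts.get(ip)
                if prev is None or count > prev["failures"]:
                    alerts[ip] = {
                        "failures": count,
                        "distinct_users": len(users),
                        "first": evs[start]["ts"],
                        "last": evs[end]["ts"],
                    }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_password_spray(parse_events(SAMPLE_LOG)).items():
        print(f"ALERT {ip}: {info['failures']} failed logins for "
              f"{info['distinct_users']} users between {info['first']} and {info['last']}")
```

With the constructed sample, 203.0.113.7 is flagged (five failures across four usernames in five seconds) while 10.0.0.30 is not, because its two failures are nineteen minutes apart. Feed the function the output of your syslog collector rather than a string, and tune `threshold` and `window` to the normal failure rate on your appliance.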

Multiple features can be configured

Citrix ADC servers can be configured with multiple security features. For example, you can protect against HTTP desync attacks, or you can disable SSH access. You can also use TLS certificates that you create yourself; these certificates are created through user interaction when the connection to the web server is established. More information about managing SSL certificates can be found in the Citrix Knowledge Centre.

Inbound NAT listens for connection requests to the server. An Access Control List can be used to limit access to specific ports; you can, for example, restrict UDP or TCP traffic for particular users or groups.
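The value of an ACL depends on the order in which its rules are evaluated, so here is an added example (not from the original post and not Citrix code) that models ADC-style ACLs in Python: each rule has a priority, a source network, a protocol and a destination port, rules are evaluated lowest priority value first, and the first match decides. It also includes a check for rules that can never match because an earlier rule already covers them, which is the usual way a “deny SSH” entry silently stops working. The rule set is constructed for this example, and the default action for packets that match no rule is an assumption to verify on your own appliance.

```python
import ipaddress
from dataclasses import dataclass

ANY = "ANY"

# Assumption for this example: a packet that matches no ACL is allowed.
# Confirm the default on your own appliance before relying on it.
DEFAULT_ACTION = "ALLOW"


@dataclass(frozen=True)
class Acl:
    name: str
    priority: int            # lower value is evaluated first
    action: str              # "ALLOW" or "DENY"
    src: str = "0.0.0.0/0"   # source network, CIDR notation
    protocol: str = ANY      # "TCP", "UDP" or ANY
    destport: object = ANY   # int or ANY

    def matches(self, src_ip, protocol, destport):
        """True if this rule applies to a packet with the given attributes."""
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and self.protocol in (ANY, protocol)
                and self.destport in (ANY, destport))

    def covers(self, other):
        """True if every packet matched by `other` is also matched by self."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and self.protocol in (ANY, other.protocol)
                and self.destport in (ANY, other.destport))


def evaluate(acls, src_ip, protocol, destport):
    """Return (action, rule name) for the first matching rule, in priority order."""
    for acl in sorted(acls, key=lambda a: a.priority):
        if acl.matches(src_ip, protocol, destport):
            return acl.action, acl.name
    return DEFAULT_ACTION, None


def find_shadowed(acls):
    """Map each rule that can never fire to the earlier rule that hides it."""
    ordered = sorted(acls, key=lambda a: a.priority)
    shadowed = {}
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if earlier.covers(later):
                shadowed[later.name] = earlier.name
                break
    return shadowed


# Constructed rule set: management subnet may reach SSH, everyone else is
# denied SSH and SNMP. The last rule is a deliberate mistake: it is placed
# after the deny and therefore never has any effect.
ACLS = [
    Acl("mgmt-ssh-allow", 10, "ALLOW", src="10.0.0.0/24", protocol="TCP", destport=22),
    Acl("ssh-deny", 20, "DENY", protocol="TCP", destport=22),
    Acl("snmp-deny", 30, "DENY", protocol="UDP", destport=161),
    Acl("ssh-allow-late", 40, "ALLOW", src="10.0.0.0/24", protocol="TCP", destport=22),
]

if __name__ == "__main__":
    for pkt in [("10.0.0.5", "TCP", 22), ("203.0.113.9", "TCP", 22),
                ("203.0.113.9", "TCP", 443), ("10.0.0.5", "UDP", 161)]:
        print(pkt, "->", evaluate(ACLS, *pkt))
    for rule, by in find_shadowed(ACLS).items():
        print(f"warning: rule {rule!r} is never reached (covered by {by!r})")
```

Running it shows SSH from the management subnet allowed by `mgmt-ssh-allow`, SSH from anywhere else denied, HTTPS falling through to the default, and a warning that `ssh-allow-late` is dead configuration. Running the shadow check over an exported rule set is a cheap way to catch this class of mistake before an attacker does.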

You can also set stateful behavior to allow back-end cookies. This stops client scripts from running on the server and makes cross-site scripting attacks more difficult. You can also encrypt the persistence cookie used for load balancing, so that the cookie can only be read by the server.

Ammar Fakhruddin


Ammar brings in 18 years of experience in strategic solutions and product development in Public Sector, Oil & Gas and Healthcare organizations. He loves solving complex real world business and data problems by bringing in leading-edge solutions that are cost effective, improve customer and employee experience. At Propelex he focuses on helping businesses achieve digital excellence using Smart Data & Cybersecurity solutions.
