Hello everyone! We have a mix of updated links and articles for all things NetScaler-related! The sections are:
1. A dive into an ADM update from last week.
2. Build updates.
3. Useful articles from Citrix Cloud Developer forum.
4. Citrix Blogs worth another look
5. AOB
BTW, the transition back to the NetScaler name is still under way, so there might be a mix of references to both Citrix ADC and NetScaler!
There are a number of different Citrix products covered here. The Citrix ADC/NetScaler is an Application Delivery Controller that runs in the cloud and on-prem. It is supported by a management platform called Citrix Application Delivery Manager (ADM for short), which can run as a service or on-prem.
1. ADM Security advisory and instance advisory
A recent ADM update listed in last week’s newsletter mentioned that Instance advisory and security advisory were being added as a Tech Preview.
What is this and why should you care?
This is significant because it tells you what vulnerabilities you have in your infrastructure and which builds are in use on which appliances. It’s a great feature for giving you insight into the firmware in use across your estate.
I know what you are thinking. ADM Service has had that for ages!
It is significant because this advisory capability has been added as a Tech Preview (TP) to the ADM on-prem edition.
Some customers just cannot go to the cloud for whatever reason; they might be stuck with on-prem ADM due to regulation or some other constraint. The Tech Preview is not yet as slick as what is available with ADM Service, of course, but it covers the basics.
You can download it here:
2. Build updates for this week.
Firmware gets changed from time to time, so here are the most recent builds for each appliance type. These were mentioned last week in the two Week 48 newsletters, but if you missed those, here are the latest versions.
Unchanged - Current ADC Build. Dec 1, 2022, Citrix ADC 13.1-37.38.
Here are the release notes for this one:
Unchanged - Current ADM Build. Nov 29, 2022, Citrix ADM 13.1 Build 37.38
Here are the release notes for this one:
Updated Citrix App Delivery and Security Service. Release 13.1-39.43
· View hits details for content policies and security protections
When you configure an application and add content policies and security protections, you can now view analytics on the total hits received for:
o Bot policies
o Web App Firewall (WAF) policies
o Rewrite rules
o Responder rules
To view hit details, navigate to Analytics and click Network Functions.
· View Authoritative DNS analytics geo location heat map
You can now view the list of locations and a heatmap displaying the countries from where the clients are accessing the application.
· Verbose logging support
The CADS service supports collecting more information about the payload than what a regular log collects. It can collect verbose logs such as the log pattern, pattern payload, and HTTP header details. When you create a security protection for your application, set the Logging Settings to collect verbose logs.
The payload information gives you more context while troubleshooting issues. For example, if a violation is detected, you can look at the request that triggered the violation.
Unchanged - ADM Service updates
Z License expiry information shown in Citrix ADM
You can now view Z License expiry information of MPX and SDX instances in Citrix ADM by navigating to Infrastructure > Pooled Licensing > Pooled Capacity > Z licenses.
Management and Monitoring
Discontinued SD-WAN and HAProxy features in Citrix ADM
Citrix ADM no longer supports SD-WAN and HAProxy features. As a result, the associated features applicable to SD-WAN and HAProxy are no longer available in the Citrix ADM GUI.
SDX Upgrade improvements - Support for the selection of SDX images from the resource library
When you schedule a maintenance job to upgrade an SDX instance in Citrix ADM, you now have the option to select from the image library required for an upgrade. Navigate to Infrastructure > Upgrade Jobs > Create Job, select Upgrade Citrix ADC SDX, and click Proceed to upgrade an SDX instance.
3. Citrix Developer Cloud Forum.
Diagrams and Poster: NetScaler ADM - Overview Cheat Sheet
Richard Faulkner has posted a really handy reference poster for ADM.
Citrix ADM is the only application delivery management platform that provides comprehensive automation, faster troubleshooting, and actionable insights. This capability is delivered from a single pane of glass for all your NetScaler infrastructure across hybrid multi-cloud environments.
https://forum.developer.cloud.com/s/article/cheat-sheet-adm
Using ADM Service to spot Account Takeover
Akhil and Jason go over ATO attacks and how ADM can help you spot them.
Know how to detect Account Takeover attacks through NetScaler ADM Service for your custom Web Application login pages as well as NetScaler Gateway login pages. Learn more: https://docs.citrix.com/en-us/citrix-application-delivery-management-service/analytics/security/bot-violations.html#account-takeover
https://forum.developer.cloud.com/s/article/Detect-Account-Takeover-ATO-attacks-through-ADM-Service
4. Citrix Blogs worth another look
Viswanath dives into Open Policy Agent support for Kubernetes using Citrix Ingress Controller.
Sometimes you need a general-purpose policy engine that unifies policy enforcement across the stack. That policy engine can give you a centralized decision-making entity for systems that involve multiple NetScalers or multiple distributed devices. Open Policy Agent (OPA) enables you to specify policy as code and simple APIs so you can offload policy decision-making from your software. It helps you decouple policy decision-making from policy enforcement and can act as a centralized decision-making entity for the system. You can use OPA to enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways, and more.
5. Other links
My colleague Hubert shared a link to this advisory, which has some really handy advice about Cuba ransomware.
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Cuba ransomware IOCs and TTPs associated with Cuba ransomware actors identified through FBI investigations, third-party reporting, and open-source reporting. This advisory updates the December 2021 FBI Flash: Indicators of Compromise Associated with Cuba Ransomware.
https://www.cisa.gov/uscert/ncas/alerts/aa22-335a
You can get a PDF here: https://www.cisa.gov/uscert/sites/default/files/publications/aa22-335a-stopransomware-cuba-ransomware.pdf
Have a great week!