fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Citrix Adds NetScaler ADC Setting To Block Recent DDoS Attacks

Citrix Adds NetScaler ADC Setting To Block Recent DDoS Attacks

Citrix has released a feature enhancement designed to block attackers from using the Datagram Transport Layer Security (DTLS) feature of Citrix ADC and Gateway devices as an amplification vector in DDoS attacks.

DTLS is a UDP-based version of the Transport Layer Security (TLS) protocol utilized to secure and to prevent eavesdropping and tampering in delay-sensitive apps and services.

According to reports that have surfaced starting with December 21st, 2020, a DDOS attack used DTLS to amplify traffic from susceptible Citrix ADC devices dozens of times.

“As part of this attack, an attacker or bots can overwhelm the Citrix ADC DTLS network throughput, potentially leading to outbound bandwidth exhaustion,” the company said in an advisory published on December 24th.

“The effect of this attack appears to be more prominent on connections with limited bandwidth.”

Fix now available

Citrix has now released a feature enhancement to remove the amplification vector on NetScaler ADC devices with Enlightened Data Transport UDP Protocol (EDT) enabled.

The company’s newly released DTLS feature enhancement adds a “HelloVerifyRequest” setting that will address the susceptibility to this attack vector and will block attempts made by attackers to abuse them in future DDoS attacks.

Also Read: Data Centre Regulations Singapore: Does It Help To Progress?

The new builds with DTLS enhancement are available on the Citrix downloads page for the following ADC and Gateway versions:

  • Citrix ADC and Citrix Gateway 13.0-71.44 and later releases
  • NetScaler ADC and NetScaler Gateway 12.1-60.19 and later releases
  • NetScaler ADC and NetScaler Gateway 11.1-65.16 and later releases

Citrix advises customers who use DTLS to upgrade their software and enable the “HelloVerifyRequest” setting in each DTLS profile using these instructions:

  • List all DTLS profiles by running the command: show dtlsProfile
  • For each DTLS profile, enable the “HelloVerifyRequest” setting by running the command: set dtlsProfile -HelloVerifyRequest ENABLED
  • Save the updated configuration by running the command: savec
  • To verify “Hello Verify Request” is enabled, run the command: show dtlsProfile 

If DTLS was disabled based on a previous version of this advisory, re-enable the DTLS profile by running following command: set vpn vserver -dtls ON.

Temporary mitigation

Impacted customers who cannot immediately install these new builds can also temporarily remove the amplification vector by temporarily disabling DTLS.

To disable DTLS on affected Citrix devices you will have to issue the following command: set vpn vserver -dtls OFF.

“Disabling the DTLS protocol may lead to limited performance degradation to real time applications using DTLS in your environment,” Citrix said.

“The extent of degradation depends on multiple variables. If your environment does not use DTLS, disabling the protocol temporarily will have no performance impact.”

Also Read: What Is A Governance Framework? The Importance And How It Works

While the scope of these DDoS attacks is limited to only a small number of Citrix customers, the company recommends admins to monitor their systems and always keep their appliances up to date.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us