Have you alredy heard about Citrix Secure Browser? NO?? Then it´t time to test and see how it can secure your environment and how cool it is. Here you can see how it works, how it can help you and how to implement it in … about 10 minutes 🙂 … maybee also 15 minutes.
What is Citrix Secure Browser on Citrix Cloud and how you can use it?
Simply explained, Citrix Secure Browser is a cloud-based Internet browser. With Citrix Secure Browser, you have the ability to provide a cloud-based Internet browser to users. The cool thing about it is that the internet traffic runs in an instance on Microsoft Azure and therefore the traffic is processed there as well.
Normally, in an environment where users need to use the Internet for their daily work (I think that’s over 90% by now), the IT department needs to make sure that this can be done securely. This means a virus scanner is needed on the clients and servers, this should always be deployed. In most cases, a content scanner is also used for the Internet traffic, which blocks unwanted pages, avoids malicious code and thus ensures safe browsing.
The content scanner for Internet traffic usually runs on a dedicated appliance or on the firewall as a feature. Of course, this causes extra costs. In addition, there are the costs for the Internet uplinks, which must be adjusted to the traffic caused. I would say that surfing Facebook, Twitter, etc. can be quite expensive for employers. Moreover, the administration is becoming more and more complex. According to a study, 83% of the companies surveyed believe that security risks increase as complexity rises. Here you can find the ebook for the study on the citrix website: https://www.citrix.com/products/citrix-analytics-security/form/ebook-security-analytics/
Citrix Secure Browser offers the possibility to provide an internet browser in connection with Citrix Cloud, which runs within a separate instance on Microsoft Azure, where it also causes the traffic. The whole thing can be deployed to users completely separate from their own environment. No viruses, no copy and paste, no data and no unwanted websites, doesn’t that sound good?
Here you can see a small diagram that explains Citrix Secure Browser quite well.
How to setup Citrix Secure Browser?
Citrix Secure Browser is configured via the Citrix Cloud. Here you first select “Secure Browser” in your Citrix Cloud Dashboard. The welcome screen appears and you click on “Let’s get started”.
Now you can choose between options to publish the Secure Browser for users.
Shared Passcode:
Users who want to execute the web browser have to enter a passcode to launch the app in Citrix workspace app.
Authenticated:
Users have to authenticate to your authentication system (for example Active Directory). Therefore you have to deploy Citrix Cloud Connectors to the environment. The app have to be assigned to the users with a library on Citrix Cloud.
Unauthenticated:
No further authentication is required. You also have to deploy Citrix Cloud Connectors to a resource location. Normaly you should use this only for testings ans proof of concepts.
In my case, I choose “Authenticated”, because I already have deployed my Cloud Connectors.
In the next step you have to give it a name and define your start URL for the browser. You also have to choose the region for your Azure instance. I will choose West Europe, because I will connect from Germany. At last you can choose a icon for your app. You can see it is running on a Linux instance on Azure. Then click publish.
In the overview section of Secure Browser in Citrix Cloud you will now see your browser. If you click on the 3 dots on the right side, you can enter the settings section. Here you can define your settings as you want for the app.
If you choose “Policies” you can definde the settings for the published app.
Here you can definde what users will be allowed to do. I find it realy cool, so it will be also possible to give users the access to sites wich will normaly will be blocked for security reasons.
Back in the Settings section you can do a test run of you published app.
It is also possible to give users access only to allowed URLS or do URL Filterings.
Here you can see the overview, with configurations of URL Filterings are possible:
It is from: https://docs.citrix.com/en-us/citrix-cloud/secure-browser-service.html
- None – Allows all categories.
- Lenient – Maximizes access while still controlling risk from illegal and malicious websites. Includes the following categories:
- Adult: Grotesque, sex education, porn, nudity, sexual services, adult search and links, swimsuits and lingerie, adult magazines and news, sexual expression (text), fetish, and dating.
- Computing and Internet: remote proxies, private IP addresses, peer-to-peer file sharing, and torrents.
- Gambling: Sweepstakes, prizes, lotteries, and gambling in general.
- Illegal and harmful: Terrorism, extremism, hate, slander, weapons, violence, suicide, illegal drugs, medication, illegal activities, marijuana, and advocacy in general.
- Malware and spam: Hacking, malware, spam, spyware, botnets, infected sites, phishing sites, keyloggers, mobile malware, phone bots, malicious and dangerous websites.
- Moderate – Minimizes risk while allowing more categories with low probability of exposure from unsecure or malicious sites. Includes the following categories:
- Adult: Grotesque, sex education, porn, nudity, sexual services, adult search and links, swimsuits and lingerie, adult magazines and news, sexual expression (text), fetish, and dating.
- Business and industry: Auctions.
- Computing and Internet: Advertisements, banners, remote proxies, private IP addresses, peer-to-peer file sharing, and torrents.
- Downloads: Mobile app stores, storage services, downloads, and program downloads.
- Email: Web-based mail and email subscriptions.
- Finance: Cryptocurrency.
- Gambling: Sweepstakes, prizes, lotteries, and gambling in general.
- Malware and spam: Hacking, malware, spam, spyware, botnets, infected sites, phishing sites, keyloggers, mobile malware, phone bots, malicious and dangerous websites.
- Messaging, chat, and telephony: Instant messages and web-based chat.
- News, entertainment, and society: Wordpress (posts and uploads), unsupported URLs, occult, no content, miscellaneous, horoscope, astrology, fortune telling, drinking, religions, personal webpages, blogs, and online games.
- Social networking: Photo search and sharing sites, IT bulletin boards, and bulletin boards.
- Strict – Minimizes the risk of accessing unsecured or malicious websites. End users can still access websites with low risk. Includes the following categories:
- Adult: Grotesque, sex education, porn, nudity, sexual services, adult search and links, swimsuits and lingerie, adult magazines and news, sexual expression (text), fetish, and dating.
- Business and industry: Auctions.
- Computing and Internet: Advertisements, banners, dynamic DNS, mobile apps, publishers, parked domains, remote proxies, private IP addresses, peer-to-peer file sharing, and torrents.
- Downloads: Mobile app stores, storage services, downloads, and program downloads.
- Email: Web-based mail and email subscriptions.
- Finance: Cryptocurrency and financial products.
- Gambling: Sweepstakes, prizes, lotteries, and gambling in general.
- Illegal and harmful: Terrorism, extremism, hate, slander, weapons, violence, suicide, illegal drugs, medication, illegal activities, marijuana, and advocacy in general.
- Jobs and resumes: Employment, career advancement, and LinkedIn (updates, mail, connections, and jobs).
- Malware and spam: Hacking, malware, spam, spyware, botnets, infected sites, phishing sites, keyloggers, mobile malware, phone bots, malicious and dangerous websites.
- Messaging, chat, and telephony: Instant messages and web-based chat.
- News, entertainment, and society: Wordpress (posts and uploads), accommodations, travel and tourism, unsupported URLs, politics, fashion and beauty, arts and cultural events, reference, recreation and hobbies, local communities, miscellaneous, drinking, popular topics, special events, news, society and culture, online magazines, online games, life events, occult, no content, horoscope, astrology, fortune telling, celebrity, streaming media, entertainment, venues, activities, personal webpages and blogs, and religions.
- Social networking: Social networks in general, YikYak (posts), Twitter (posts, mail, and follows), Vine (uploads, comments, and messages), Google+ (photo and video uploads, posts, video chat, and comments), Instagram (uploads and comments), YouTube (shares and comments), Facebook (groups, games, questions, video upload, photo uploads, events, chat, apps, posts, comments, and friends), Tumblr (posts, comments, photo, and video uploads), Pinterest (pins and comments), IT bulletin boards, and bulletin boards.
Now I want to give access to the users.
Give access to the users
After I have configured my browser as disired. I want to give the users access to the published app. I will do that with a Library. So I have to go to the general menu of Citrix Cloud “the 3 bars on the left top of the pagate” and choose “Library”. Here you can add the subscribers from your authentication source, im my environment it is active Directory.
As a subscriber for the Library you can choose groups and users. If you have assigned a new library to a user, the user have to logon again.
Take a testdrive
After I have assigned the Citrix Secure Browser to my user. I can load launch it with Citrix workspace app.
Demo video download virus to local drive
Here you can see a video where I will test to load a virus infected file from a website and copy It to my local drive. It is in german, but I´m sure you can follow.
No chance to get it on my local drive!! 😉
Check it out and try it yourself. Feel free to test it on your own and give me a feedback how it works for you. Also check out my other posts regarding on Citrix Cloud Services. Have fun. Feel free to share my site or post on social media. You can also follow me on Twitter @thomaspreischl