You'll undoubtedly have considered putting firewalls in place to protect your network from the chaos of the Internet; you may have put anti-virus software on the servers and locked down some application settings; you may even have implemented some form of two factor authentication - but have you considered all the vunrabilities  that exposing a Citrix XenApp/XenDesktop environment?

Kevin Orrey at vulnerabilityAssessment.co.uk has put together an attack tree for a Citrix MetaFrame/XenApp environment together with a useful list of refences.

Using the tree you can better assess  your environments vunrabilities, review what can be enumerated and exploited and so where you can best concentrate your efforts to ensure you minimise the risk of an attacker using your XenApp/Metaframe server to launch an attack on your network.

Very insightfull. Source: http://www.citrixthings.com/index.php?option=com_content&task=view&id=82&Itemid=32