You should protect your Citrix environment the same way you protect any end client device on your network. Although it is very unlikely that an infected client using a Citrix session could directly infect the Citrix server, it is possible that the Citrix server may have a vulnerability that needs protected until it can be patched. The key to protecting systems is ensuring patches and updates are applied.
In the IT trenches? So am I – read my IT-Trenches blog