Security of KACE SMA over the internet
Hello All,
We are planning to make our KACE SMA appliance accessible over the internet to manage mobile devices. I have a couple of questions related to the security of the KACE SMA.
Is there any form of authentication or cert involved during the agent provisioning/installation? Is it possible anyone who knows the URL of our KACE appliance can download the agent from the internet and enrol a random device into our KACE appliance?
Is a database of KACE appliance is encrypted?
Is it possible to disable the management/admin portal to be accessible over the internet? I think KACE use port 443 to manage the devices and the same port number is used to access admin portal.
Any recommendations or best practices to make the appliance more secure over the internet?
Thank you
-
Good question, we are in the process of getting this done so would like to know the answer to this also. - babagee 5 years ago
-
Hey there, this is an old thread but we have now added a security token associated with the msi to restrict connectivity to the appliance. these without a token or incorrect / expired token will join and go into quarantine, then you can delete or allow. - Ozhunna 2 years ago
Answers (3)
Top Answer
Hi, You might want to read this:
https://support.quest.com/kace-systems-management-appliance/kb/267753/best-practices-for-securing-your-sma
(there is a good PDF attached at the end as well),
and read this:
https://support.quest.com/kace-systems-management-appliance/kb/118540/how-to-make-your-system-management-appliance-sma-publicly-facing-sma-integrity-test
If your KACE box is externally facing, one best practice is much more Asset management related. When disposing of an Asset, in this case, a Device that has the agent installed, you must make sure that the agent is removed, or better still the device is completely wiped before disposing of. Otherwise you may find the device continues to check in to your SMA and consumes a license.
Hey there, this is an old thread but we have now added a security token associated with the msi to restrict connectivity to the appliance. these without a token or incorrect / expired token will join and go into quarantine, then you can delete or allow.
