What's going on? (3-6-2022)

Good morning,

This morning, the forum wasn’t working and when I logged in to the portal, my dashboard was changed and all the headings were in Turkish:

Can you tell if there were any problems?

I’m still very afraid of security breaches regarding the platform.
That’s why I still opt for the following feature request:
- Please give us a selection box per device where you can disable scripts for that device.
In case someone else (==hacker) has access to the platform, and launches a script to all devices.
This is because I also manage servers with the agent, and don’t run ANY scripts on those devices. Maintenance is manual.

So I also don’t want any scripts running on those devices by anyone in case of a breach.

Regards.

Hi @ailan

I’ll grab the information about these features and see what we can do once the analysis is completed.

What other information can you provide me on the request that might aid in getting this assessment done?

On the platform side I’ll let the techs come back to you.

Hi @StrobeTech

“What other information can you provide me on the request that might aid in getting this assessment done?”

It would be nice to have an option to disable all the scripting pushed via the agent for that device.
This could be a positive feature for all the ‘Business critical’ devices where you don’t want a script to be the cause of failures.
There are a few scripts here that can cause serious problems, but scripting can also spread malware when triggered by a malicious ‘user’ from the portal.

So, whether it was triggered accidentally, or by an external factor like a security breach or malware, this could be a very nice feature to protect some devices.

It can be a simple checkbox somewhere in the dashboard. For example on the ‘Profiles page’ or just in the menubar.

For example:
These scripts can be very useful on roaming workstations, but not on a server:

A malicious user could trigger such a script to ALL the devices on your network, or worse, upload his own script.

Such a simple checkbox could protect your critical server/device.

I personally find the ‘Run procedure’ very dangerous because you don’t get to confirm your selection AND ‘all devices’ is selected as default!:

Hope you get the idea.

Just to add to this, I would prefer an admin-level MFA approval for new scripts or changing device profile settings. That way if a new script is created - even by an admin account, in order for it to be approved for use, an admin's MFA code needs to be entered during the approval process. This means even if a hacker somehow has access to your account, they can't create their own scripts to deploy to your endpoints without the MFA token or code from your device.

Hi @ailan

I see you are extremely security conscious in the way you work, and working with any RMM system you will have these potential issues.

If you disable scripting like this, a large chunk of the platform is removed from your use. I believe from memory that leaves you with built-in functionality like disk usage, CPU usage or custom monitors you create.

Saying that, the custom monitors are based on scripts you write to return a result, so even this would allow the type of attack you described to be done.

I believe you have a good idea, but I wonder if the following would be better?

  1. A run queue for devices enabled so you can see requests ready to be run on devices.

  2. Add an approval queue for scripts.

  3. Profile option to say scripts assigned to these devices go to approval queue not run queue.

  4. Approval is done via an MFA check on items in approval queue, once approved they go into run queue.

What do you think of that?

Like your additional step on script approval, adding MFA to this would be an amazing barrier to stop script injection.
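
The four-step proposal above, sketched as an added example that is not part of the original thread and is not ITarian's code. The `Dispatcher` class, its field names and the device and script names are hypothetical; TOTP (RFC 6238) stands in for whatever MFA method the platform would use.

```python
import hashlib, hmac, struct, time
from collections import deque
from dataclasses import dataclass, field

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), used here as the MFA check."""
    mac = hmac.new(secret, struct.pack(">Q", int(at // step)), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

@dataclass
class Request:
    script: str
    device: str
    requested_by: str

@dataclass
class Dispatcher:
    needs_approval: dict      # device -> True if its profile demands approval (step 3)
    approver_secrets: dict    # admin name -> TOTP secret (constructed for the demo)
    run_queue: deque = field(default_factory=deque)      # step 1
    approval_queue: list = field(default_factory=list)   # step 2

    def submit(self, script, devices, requested_by):
        # No implicit "all devices": the caller must name every target.
        if not devices:
            raise ValueError("explicit device list required")
        for dev in devices:
            req = Request(script, dev, requested_by)
            # Devices without a known profile fail closed into the approval queue.
            if self.needs_approval.get(dev, True):
                self.approval_queue.append(req)
            else:
                self.run_queue.append(req)

    def approve(self, req, approver, code, now=None):
        """Step 4: move a request to the run queue only after an MFA check."""
        now = time.time() if now is None else now
        secret = self.approver_secrets.get(approver)
        if secret is None or not hmac.compare_digest(totp(secret, now), code):
            return False
        self.approval_queue.remove(req)
        self.run_queue.append(req)
        return True
```
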

Hi @StrobeTech,

I know some functionality will be missing or will not work fully.

It’s just that there are some devices you only want to see if they’re online and ‘remote control’ via the platform.
Now if you install the client, only for those purposes (remote control and online status), you also have the potential to run scripting on those systems. And that’s a potential extra risk.
Otherwise, you have to use another product only to control those devices.

But your options sound good too. It’s one step further, but the result is: more security.
And that’s good.

Only addition is: lose the default settings for ‘Run on all devices’!!

Good morning,

Nobody from Itarian support who can answer the “forum outage” and my “Turkish language layout” in the console?

I’ll chase support on this and see what we can get information-wise.

Hi @RT-AMS-ITarian,

Do you already have more info?
Support must know something because the whole forum website was malfunctioning (webserver was online), which couldn’t go unnoticed.

And then the changed preferences in my portal settings at the same time.

I only wanted to know if there were security issues on both platforms. (see my changed layout)

Hi @ailan

Unfortunately, I have reached out to support and they have obviously not come back on here, so I will escalate this to see if I can get this answered for you.

I know the system has had an outage or two which can have side effects sometimes, but no security issues for sure.

Regards
Robin