5 Ways To Secure Your RMM Platform
Obscurity : Effectiveness = 1
While effective security cannot rely on obscurity, obscurity itself is not harmful to the security of a system. Banks trust that their vaults are secure, yet that doesn’t mean they allow anyone to touch or see them. Follow common sense and don’t leave information about your security infrastructure or RMM login consoles on pages that are publicly accessible or easily visible.
Passwords : Effectiveness = 2
Passwords have been around for at least a few millennia. They’ve lasted this long because, if they’re strong and not well-known, they work as an effective authentication test. The problem is that those ideal circumstances rarely exist in reality. Unfortunately, passwords are rarely as strong as they should be, and some are so well known they should almost be considered celebrities.
Limited Access : Effectiveness = 3
Restricting when people can log in to an RMM system is one effective way to secure an RMM platform. Limiting your shift-working staff’s access to the times they would be on shift is effective because it narrows the windows of time in which an undetected attack could be made. Limitations could also be placed on remote access, providing it only to those who need it, based on the principle of least privilege.
Limited Rights : Effectiveness = 4
Limiting rights within systems can be even more effective than limiting access. If only one of your staff needs access to a set of functions within an RMM system, why would you make those functions accessible to all users? The principle of least privilege works. It can help to mitigate the risk of attacks, while also limiting the damage that any compromised account may cause.
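The two controls above (limited access and limited rights) can be combined into one default-deny check. This is an added example, not code from any RMM product; the user names, function names and policy layout are constructed for illustration, and it handles only time of day, not days of the week.

```python
from dataclasses import dataclass, field
from datetime import datetime, time

@dataclass(frozen=True)
class Policy:
    """Constructed per-user policy: shift window, remote flag, allowed functions."""
    shift_start: time
    shift_end: time            # may be earlier than shift_start (overnight shift)
    remote_allowed: bool = False
    functions: frozenset = field(default_factory=frozenset)

def on_shift(p: Policy, when: datetime) -> bool:
    t = when.time()
    if p.shift_start <= p.shift_end:
        return p.shift_start <= t < p.shift_end
    # Overnight window, e.g. 22:00-06:00, wraps past midnight.
    return t >= p.shift_start or t < p.shift_end

def authorize(policies, user, when, remote, function):
    """Return (allowed, reason). Default deny: unknown users get nothing."""
    p = policies.get(user)
    if p is None:
        return False, "unknown user"
    if not on_shift(p, when):
        return False, "outside shift window"
    if remote and not p.remote_allowed:
        return False, "remote access not granted"
    if function not in p.functions:
        return False, "function not granted"
    return True, "ok"

# Constructed sample policies (hypothetical users and function names).
POLICIES = {
    "day_tech": Policy(time(8), time(16), False, frozenset({"view_alerts"})),
    "night_tech": Policy(time(22), time(6), True, frozenset({"view_alerts", "run_script"})),
}

def review(requests):
    """Evaluate requests; the denied rows are the ones worth alerting on."""
    return [(u, f, *authorize(POLICIES, u, w, r, f)) for u, w, r, f in requests]

if __name__ == "__main__":
    sample = [  # constructed requests: (user, timestamp, remote?, function)
        ("day_tech", datetime(2024, 3, 4, 9, 30), False, "view_alerts"),
        ("day_tech", datetime(2024, 3, 4, 2, 15), False, "view_alerts"),
        ("night_tech", datetime(2024, 3, 5, 1, 0), True, "run_script"),
    ]
    for row in review(sample):
        print(row)
```

A denied request with a valid password (for example, a day-shift account at 02:15) is exactly the kind of event these limits make visible.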
Multi-Factor Authentication (MFA) : Effectiveness = 5
If you require every user who accesses the RMM to prove their identity with Multi-Factor Authentication, then you effectively prevent the impersonation of users. As properly established MFA is virtually fail-proof, any malicious activity coming from a user’s account can reasonably be attributed to that user. MFA also has the benefit of mitigating much of the risk posed by social engineers and keyloggers.