RMM Central is a holistic remote monitoring and management tool for MSPs that manages your client networks and devices, and helps you automate your complete client IT management from a central location. In this document, we will provide you with some tips and tricks to harden your RMM Central security.
RMM Central immediately releases the security patches for identified security issues. Follow the Security Updates Group to stay updated with the latest security patches. Furthermore, please subscribe to our Data Breach Notification to receive notifications on any security incident without delay.
Note: It is highly recommended to
1) Update your RMM Central server to the latest build.
2) Grant access to the RMM Central folder only to authorized users.
3) Use proper firewall and Anti-virus software and keep them up-to-date to get accurate alarm.
4) Delete unused user accounts from RMM Central server's product console and from the machine where the RMM Central server is installed.
5) Install distribution server in a dedicated machine with no other third party software in it. Only Authorized users should have access to this machine.
Securing the login access to RMM Central, can prevent security issues involving roles and permissions.
To fortify the login access, go to the Admin tab, choose UEM and click Security Settings.
The default password for the admin account should be changed after the first login. Go to profile and click on Personalize and navigate to Change Password to modify the account password for login.
It is recommended to configure RMM Central with a trusted third party certificate to ensure secured connections between server and all devices. However, for secured communication using HTTPS, a default certificate will be provided along with the server.
Setting a complex password policy allows users to configure unique passwords that are tough to crack. The more complex a password policy is, the more combinations there will be.
The agent monitors and executes the configurations and tasks deployed to a particular endpoint. That's why it is necessary to forbid users from uninstalling the agent. Navigate to Admin tab -> UEM -> Agent Settings to restrict agents from being uninstalled by users.
Preventing the users from stopping the Agent service ensures that the endpoint stays in contact with the server every 90 minutes.
HTTPS protocol for both LAN and WAN agents ensures that the communication between the agents and the server is always encrypted.
Enable this option to secure the communication during Remote Control sessions and File Transfer operations.
For improved security, it is advisable to use the newer version of TLS, instead of using the older ones.
Note: Users cannot manage devices running on legacy OS platforms (Windows XP, Vista, Server 2003 and Server 2008) after disabling the older version of TLS.
Trusted Communication can be enabled only after importing a third party certificate.
If enabled, the computers with the older agent versions will no longer be able to communicate. Ensure the agent versions are up to date.
It is highly recommended for RMM Central users to follow the guidelines in this document. In particular, safeguarding the server by configuring the Security Settings. This proves to be a quick and effective move against cyber threats. Moreover, the steps provided for every module will help strengthen the security even further.