On-Premises
Cloud
Endpoint Central immediately releases the security patches for identified security issues. Follow the Security Updates Group and the Security Updates on Vulnerabilities section in our Knowledge Base to stay updated with the latest security patches. Furthermore, please subscribe to our Data Breach Notification to receive notifications on any security incident without delay. You can also configure Personalized Security Settings to recieve security recommendations from Endpoint Central.
Note: It is highly recommended to
1) Update your Endpoint Central server to the latest build.
2) We strongly advise customers against granting access to the ManageEngine folder for non-administrative group users.
3) Use proper firewall and Anti-virus software and keep them up-to-date to get accurate alarm.
4) Delete unused accounts:
i. From Endpoint Central: Delete unused user accounts from Endpoint Central server's product console and from the machine where the Endpoint Central server is installed.
ii. From MSSQL server: If you have configured MSSQL, then it is recommended to remove any unused account from the MSSQL server installed machines as well.
5) Install distribution server in a dedicated machine with no other third party software in it. Only Authorized users should have access to this machine.
6)Configure Email address to receive security notifications from Endpoint Central.
Below are the security settings you can configure on Endpoint Central console to stay secure.
Configure email address to receive security advisories from Endpoint Central.
Get personalized Central server hardening recommendations via email.
The default admin account should be removed after the first login.
This setting will enforce your Endpoint Central Server to accept responses that are in HTTPS mode only.
Note: In addition, disable the 8020 port in firewall in your network
Have a second level of verification for technicians to ensure unauthorized access is prevented.
The agent monitors and executes the configurations and tasks deployed to a particular endpoint. That's why it is necessary to forbid users from uninstalling the agent.
Preventing the users from stopping the Agent service ensures that the endpoint stays in contact with the server every 90 minutes.
HTTPS protocol for both LAN and WAN agents ensures that the communication between the agents and the server is always encrypted.
Configure Endpoint Central with a trusted third party certificate to ensure secured connections between endpoints and servers. However, for secured communication using HTTPS, a default certificate will be provided along with the server.
For improved security, it is advisable to use the newer version of TLS, instead of using the older ones.
Note: Users cannot manage devices running on legacy OS platforms (Windows XP, Vista, Server 2003 and Server 2008) after disabling the older version of TLS.
It is highly recommended to host the Endpoint Central server in a corporate network protected by firewall restrictions and other security measures. If there are several roaming users and remote offices, then you can use an additional component, called the Secure Gateway Server. Secure Gateway Server is a reverse proxy solution that acts as a bridge between the WAN agents and the Endpoint Central server. It prevents the need for the Endpoint Central server to be hosted as an EDGE device to manage roaming users.
Secure the communication between Central server and agents by enforcing identity verification during HTTPS communication. It can be enabled only after importing a third-party certificate. Learn more.
Enable client certificate authentication to validate the authenticity of agents that try to establish a connection with the server. Before enabling, ensure the agent versions are up-to-date, as older agents will not be able to connect with the server. Learn More.
Configure this to encrypt the scheduled database backup with a password.
The local network share will contain all the software installation files. Access credential is use to grant access to the share to authorized users only.
It is highly recommended for Endpoint Central users to follow the guidelines in this document. In particular, safeguarding the server by configuring the Security Settings. This proves to be a quick and effective move against cyber threats. Moreover, the steps provided for every module will help strengthen the security even further.
Endpoint Central Cloud is an endpoint management tool that manages your devices running on different Operating Systems from a central location. In this document, we will provide you with some tips and tricks to harden your Endpoint Central Cloud security.
Endpoint Central Cloud immediately releases the security patches for identified security issues. Follow the Security Updates Group and the Security Updates on Vulnerabilities section in our Knowledge Base to stay updated with the latest security patches. Furthermore, please subscribe to our Data Breach Notification by following the steps: Navigate to Admin tab > Click on Privacy Settings > Submit e-mail address in the data breach notification form to receive notifications on any security incident without delay.
Note: It is highly recommended to
1) Use proper firewall and Anti-virus software and keep them up-to-date to get accurate alarm.
2) Delete unused accounts: Admin > User Administration > Dissociate the unused user account.
3) Install distribution server in a dedicated machine with no other third party software in it. Only Authorized users should have access to this machine.
4) Enable Multi factor authentication: Go to the Admin tab > User Administration > Secure Authentication > Enable TFA.
5) Configure complex password policy: Go to the Admin tab > User Administration > Secure Authentication > Configure password policy.
To fortify the login access, go to the Admin tab, and click Security Settings.
The agent monitors and executes the configurations and tasks deployed to a particular endpoint. That's why it is necessary to forbid users from uninstalling the agent.
Preventing the users from stopping the Agent service ensures that the endpoint stays in contact with the server every 90 minutes.
It is highly recommended for Endpoint Central users to follow the guidelines in this document. In particular, safeguarding the server by configuring the security settings. This proves to be a quick and effective move against cyber threats. Moreover, the steps provided for every module will help strengthen the security even further.