Jagjeet Singh

How Secure is your RMM, and what steps can you take to make it more secure?

Updated: Nov 17, 2022

The tools we use to help our clients are now probably the biggest security risk they face. We have to put controls in place when there is a risk. Do you do everything you can to keep your RMM and the tools that go with it as safe as possible? Though these tips are primarily aimed at RMM, they are applicable to any product in your stack.


1. Make sure your RMM tools and solutions are up-to-date.

  • Create a weekly recurring task to manually check for updates to your solution tools.

  • Apply any critical security fixes that have been identified, even if it is the middle of the day.

  • Always have a way to go back, like a full or snapshot backup.

  • Don't forget to check other parts of solutions for changes. As an example, to update plugins, you can use ConnectWise Solution Center.

  • Make sure that all integrations are current.

  • Don't just pay attention to RMM. People often forget about ConnectWise Control and ConnectWise Manage. Those also have plug-ins. Whether your software is on-premise or in the cloud, you should check every so often to see if it has been updated.


2. Audit the user accounts on your tools.


When was the last time you looked at the user accounts in your RMM? How sure are you that all of them have 2FA? Do we really need them all?


  • Set up a regular task to check on the users in your tools manually.

  • Set up a password policy that requires ridiculously long passwords made of random characters.

  • Make sure that 2FA is turned on for all of the accounts.

  • Check each account's level of access and use the principle of least privilege. Users should only be given the permissions they need to do their jobs.

  • Get rid of accounts that aren't being used.

  • Check your API and integration keys. If you're storing these, are they in a safe place? If you're not sure, rotate them and generate new keys.
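One way to turn the checks in this section into a repeatable review is sketched below. It is an added example, not code from the original post or from any RMM vendor, and it flags missing 2FA, unused accounts, privileged roles and old API keys in a user export. The CSV column names, role names, and the 90-day and 365-day thresholds are assumptions to adapt to your own tool's report.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export. Column names are hypothetical; map them to
# whatever your RMM's user report actually produces.
SAMPLE_EXPORT = """username,role,mfa_enabled,last_login,api_key_created
alice,admin,true,2022-11-10,
bob,technician,false,2022-11-12,
carol,admin,true,2022-03-01,
svc-psa,integration,false,2022-11-15,2021-01-20
dave,technician,true,,
"""

STALE_AFTER = timedelta(days=90)    # assumption: unused = no login in 90 days
KEY_MAX_AGE = timedelta(days=365)   # assumption: rotate keys at least yearly
PRIVILEGED_ROLES = {"admin"}        # assumption: roles that need justification


def _parse_date(value):
    value = (value or "").strip()
    return datetime.strptime(value, "%Y-%m-%d") if value else None


def audit_users(csv_text, today):
    """Return {username: [findings]} for accounts that need review."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = []
        role = row["role"].strip().lower()
        # Assumption: integration accounts authenticate with keys, so the
        # 2FA and last-login checks apply to interactive accounts only.
        interactive = role != "integration"
        if interactive and row["mfa_enabled"].strip().lower() != "true":
            issues.append("2FA disabled")
        last_login = _parse_date(row["last_login"])
        if interactive and (last_login is None or today - last_login > STALE_AFTER):
            issues.append("unused account")
        if role in PRIVILEGED_ROLES:
            issues.append("privileged: confirm least privilege")
        key_created = _parse_date(row["api_key_created"])
        if key_created and today - key_created > KEY_MAX_AGE:
            issues.append("API key due for rotation")
        if issues:
            findings[row["username"].strip()] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_users(SAMPLE_EXPORT, datetime(2022, 11, 17)).items():
        print(f"{user}: {', '.join(issues)}")
```

An account that has never logged in (empty `last_login`) is treated as unused, which is the safer default for a review list.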


3. Protection of technical systems and networks


This section is aimed mainly at partners running an on-premise RMM.


  • Set your firewall to block traffic from other countries based on geographic location.

  • If your RMM server is reachable from the main network inside your company, put it in a separate network and make it hard for other parts of your network to get to it. That way, your own internal network can't be used as a stepping stone to get in.

  • Use the IPS features of your firewall, if you can, to look at the network traffic that is being sent to your RMM server.

  • If you're on-premise, check all of your port forwards to make sure you need them.

  • Only allow the right people to access your RMM server. Don't forget the principle of least privilege.

  • Make sure that NIST/CIS controls are being used on your internal assets. Your own MSP security should be better than that of any of your clients.

  • Make sure you have the right endpoint detection software installed.


4. People and Methods


  • Make an Incident Response plan for both when your vendor has a security problem and when they are being attacked. This should be easy for your staff to get to so they can act quickly.

  • Have a stop button: something you can run in the worst-case scenario to shut down your RMM/stack infrastructure.

  • Learn how your RMM sends commands to its endpoints so you can quickly undo anything that gets queued.

  • Do risk assessments on your infrastructure on a regular basis.
