In light of recent events, the ever growing need to lock down each and every tool within your MSP’s tool stack has become very transparent. Hackers worldwide are now specifically targeting MSP’s and one of the easiest ways that they have been able to do so, is through the RMM.
This begs the question: How Secure is your RMM? Below is a list of our top 13 points that we believe every MSP should be implementing to stay secure and reduce vulnerabilities within the tool.
- Backup your RMM nightly and to a secure location.
- Review all user accounts regularly for the last login, permission (Principal of least privilege), 2FA/MFA.
- Enable SSO, SSO has great user management capabilities as well as the ability to use other authentication providers like Microsoft Azure.
- Ensure all user accounts are valid. Deactivate all invalid user accounts. Access to the Data base is as / if not more dangerous as access to the RMM/Remote Control applications.
- If your RMM supports White-Listing, it can be configured at the server level to ensure that all connections are locked down to the whitelist.
- Segregate the RMM and Remote agent servers from the rest of the internal network whenever possible.
- Regularly review client environments for machines missing agents. An agent not being monitored is very vulnerable and can be used to attack other internal devices.
- Limit user access to the servers hosting the RMM and Remote-Control applications.
- Antivirus should be installed on the RMM and Remote-Control servers, however, it is important to ensure the proper exceptions have been applied or this can cause major issues for the applications.
- Have plans in place to prevent further access into environments in case of a breach. (A method to prevent communication with the RMM if breached)
- Do not link scripts to sites like pastebin or other links that can be spoofed.
- Keep the RMM and Remote-Control products up to date as there are many security releases for the product.
- Keep plugins/extensions up to date. Many plugins/extensions release updates that will also include security-based items.
