Endpoint Central MSP is an endpoint management tool for MSPs that manages your client devices running on different Operating Systems from a central location. In this document, we will provide you with some tips and tricks to harden your Endpoint Central MSP security.
Endpoint Central MSP immediately releases the security patches for identified security issues. Follow the Security Updates Group and the Security Updates on Vulnerabilities section in our Knowledge Base to stay updated with the latest security patches. Furthermore, please subscribe to our Data Breach Notification to receive notifications on any security incident without delay.
Note: It is highly recommended to
1) Update your Endpoint Central MSP server to the latest build.
2) Grant access to the Endpoint Central MSP folder only to authorized users.
3) Use proper firewall and Anti-virus software and keep them up-to-date to get accurate alarm.
4) Delete unused accounts:
i. From Endpoint Central MSP: Delete unused user accounts from Endpoint Central MSP server's product console and from the machine where the Endpoint Central MSP server is installed.
ii. From MSSQL server: If you have configured MSSQL, then it is recommended to remove any unused account from the MSSQL server installed machines as well.
5) Install distribution server in a dedicated machine with no other third party software in it. Only Authorized users should have access to this machine.
Securing the login access to Endpoint Central MSP, can prevent security issues involving roles and permissions.
To fortify the login access, go to the Admin tab, and click Security Settings.
The default admin account should be removed after the first login.
All communication between the Endpoint Central MSP server and the agents will take place using the HTTPS protocol after enabling this option.
Note: In addition, disable the 8040 port in firewall in your network
It is recommended to configure Endpoint Central MSP with a trusted third party certificate to ensure secured connections between desktops, mobile agents and servers. However, for secured communication using HTTPS, a default certificate will be provided along with the server.
Having a second level of verification for technicians ensures that unauthorized access is prevented.
Setting a complex password policy allows users to configure unique passwords that are tough to crack. The more complex a password policy is, the more combinations there will be.
The agent monitors and executes the configurations and tasks deployed to a particular endpoint. That's why it is necessary to forbid users from uninstalling the agent.
Preventing the users from stopping the Agent service ensures that the endpoint stays in contact with the server every 90 minutes.
HTTPS protocol for both LAN and WAN agents ensures that the communication between the agents and the server is always encrypted.
Enable this option to secure the communication during Remote Control sessions and File Transfer operations.
For improved security, it is advisable to use the newer version of TLS, instead of using the older ones.
Note: Users cannot manage devices running on legacy OS platforms (Windows XP, Vista, Server 2003 and Server 2008) after disabling the older version of TLS.
It is highly recommended to host the Endpoint Central MSP server in a corporate network protected by firewall restrictions and other security measures. If there are several roaming users and remote offices, then you can use an additional component, called the Secure Gateway Server. Secure Gateway Server is a reverse proxy solution that acts as a bridge between the WAN agents and the Endpoint Central MSP server. It prevents the need for the Endpoint Central MSP server to be hosted as an EDGE device to manage roaming users.
Trusted Communication can be enabled only after importing a third party certificate. Learn more.
If enabled, the computers with the older agent versions will no longer be able to communicate. Ensure the agent versions are up to date. Learn More.
It is highly recommended for Endpoint Central MSP users to follow the guidelines in this document. In particular, safeguarding the server by configuring the Security Settings. This proves to be a quick and effective move against cyber threats. Moreover, the steps provided for every module will help strengthen the security even further.