Desktop Central is an endpoint management tool that manages your devices running on different Operating Systems from a central location. In this document, we will provide you with some tips and tricks to harden your Desktop Central security.
Desktop Central immediately releases the security patches for identified security issues. Follow the Security Updates Group and the Security Updates on Vulnerabilities section in our Knowledge Base to stay updated with the latest security patches. Furthermore, please subscribe to our Data Breach Notification to receive notifications on any security incident without delay.
Note: It is highly recommended to
1) Update your Desktop Central server to the latest build.
2) Grant access to the Desktop Central folder only to authorized users.
Securing the login access to Desktop Central, can prevent security issues involving roles and permissions.
To fortify the login access, go to the Admin tab, and click Security Settings.
The default admin account should be removed after the first login.
All communication between the Desktop Central server and the agents will take place using the HTTPS protocol after enabling this option.
Note: In addition, disable the 8020 port in firewall in your network
It is recommended to configure Desktop Central with a trusted third party certificate to ensure secured connections between desktops, mobile agents and servers. However, for secured communication using HTTPS, a default certificate will be provided along with the server.
Having a second level of verification for technicians ensures that unauthorized access is prevented.
Setting a complex password policy allows users to configure unique passwords that are tough to crack. The more complex a password policy is, the more combinations there will be.
The local network share will contain all the software installation files. Access credential is use to grant access to the share to authorized users only.
The agent monitors and executes the configurations and tasks deployed to a particular endpoint. That's why it is necessary to forbid users from uninstalling the agent.
Preventing the users from stopping the Agent service ensures that the endpoint stays in contact with the server every 90 minutes.
HTTPS protocol for both LAN and WAN agents ensures that the communication between the agents and the server is always encrypted.
Enable this option to secure the communication during Remote Control sessions and File Transfer operations.
For improved security, it is advisable to use the newer version of TLS, instead of using the older ones.
Note: Users cannot manage devices running on legacy OS platforms (Windows XP, Vista, Server 2003 and Server 2008) after disabling the older version of TLS.
It is highly recommended to host the Desktop Central server in a corporate network protected by firewall restrictions and other security measures. If there are several roaming users and remote offices, then you can use an additional component, called the Secure Gateway Server. Secure Gateway Server is a reverse proxy solution that acts as a bridge between the WAN agents and the Desktop Central server. It prevents the need for the Desktop Central server to be hosted as an EDGE device to manage roaming users.
It is highly recommended for Desktop Central users to follow the guidelines in this document. In particular, safeguarding the server by configuring the Security Settings. This proves to be a quick and effective move against cyber threats. Moreover, the steps provided for every module will help strengthen the security even further.