Gavsto

Administrator
  • Content Count

    136
  • Days Won

    27

Gavsto last won the day on February 16

Gavsto had the most liked content!

Community Reputation

88 Excellent

3 Followers


  1. Gavsto

    URGENT - Automate update needed by March 9th 2019

    We, as a team, have noticed over the last couple of days that there has been some pretty heavy criticism of ConnectWise across forums, Slack, and social media outlets like Reddit in relation to the problems with the Automate binaries. A lot of the criticism has been relatively unfounded. The problems found within the product are not issues that we believe could have been picked up by any standard QA or testing measures - bearing in mind that our team member only stumbled on to this by complete accident. In regards to the criticism surrounding ConnectWise's notification to partners, it's much easier for the leaders in a community like ours to notify our members as we are not bound by the processes, procedures and multiple teams required to get a fix like this out successfully at a corporate level. Though there are clear areas for improvement in QA and testing processes, every member of the MSPGeek team was impressed at the speed of response and subsequent delivery of a fix by the Automate team. Our community was founded and based upon the idea of mutual assistance, open sharing, good communication and, for the past 6 years, has provided a trusted platform for users to support each other while helping ConnectWise make the product better. Let's continue to help ConnectWise by providing constructive criticism while helping them, and each other, through this bump in the road; it's the MSPGeek way.
  2. Following the MSPs who were impacted by this https://www.reddit.com/r/msp/comments/ani14t/local_msp_got_hacked_and_all_clients_cryptolocked/ a number of MSPGeekers had an impromptu call to discuss security in general and what best practices we all followed to ensure our systems are as secured as possible. This prompted an idea from @MetaMSP that we have a place where best practices can be defined - things that we can put in place to make our RMMs as secure as possible. I will update this with a list of generally agreed upon methods based on the discussion.

    How can I apply better security?

    1) Enable Multi-Factor Authentication. This is a functionality that already exists within Automate in the form of plugins, and for the effort to implement it gives a massive boost to security. As an MSP every single account you have should have 2FA on it.

    2) Do not publish your Automate URL publicly - anywhere. If you are linking to your Automate site, or even your Control site from anywhere on your website - remove it and ensure to the best of your ability it is removed from search engine indexes. Attackers can find servers like this on Google using very simple methods and you will be one of the first they attempt to attack.

    3) Review all plugins/extensions installed and disable, remove the ones you no longer use. Having an added benefit of speeding your system up, each of these adds a small risk profile as you are relying on third party code being secure running in the background. Removing plugins you no longer use or need reduces the surface area of attack.

    4) Review ports you have open and close ports that are not needed. You will find the ConnectWise documentation here on what ports should be open: https://docs.connectwise.com/ConnectWise_Automate/ConnectWise_Automate_Documentation/020/010/020 . Don't just assume this is right - check. Ports like 3306 (MySQL DB Port) and 12413 (File Redirector Service) should absolutely not be opened up externally.

    5) Keep your Automate up to date. ConnectWise are constantly fixing security issues that are reported to them. You may think you are safe on that "old" version of Automate/LabTech, but in reality you are sitting on an out-of-date piece of software that is ripe for someone attacking.

    6) DON'T share credentials except in cases of absolute necessity (one login is available ONLY and you can't afford a single point of failure if that one person that knows it disappears). <-- Courtesy of @MetaMSP

    7) DO ensure that robots.txt is properly set on your Automate server. If you can Google your Automate server's hostname and get a result, this is BROKEN and should be fixed ASAP. <-- Courtesy of @MetaMSP

    8) Firewall Blocking. I personally block every country other than the UK and the USA from my Automate Server on our external firewall. This greatly reduces your chance of being attacked out of places like China, Korea, Russia etc.

    9) Frequently review the following at your MSP:

      • Check that the username and passwords set are secure, better yet randomise them all and use a password manager
      • Treat vendors/services that don't support or allow 2FA with extreme prejudice. I will happily drop vendors/services that don't support this. If you 100% still need to keep them, setup a periodic review and pressure them to secure their systems because you can almost guarantee if they are not doing customer logins properly that there will be other issues
      • Setup a periodic review to audit users that are active on all systems. PSA, Office365, RMM, Documentation Systems (ITGlue/IT Boost)
      • Audit 3rd Party Access, Consultants and Vendor access to your systems <-- Thanks @SteveIT

    10) DON'T share credentials except in cases of absolute necessity (one login is available ONLY and you can't afford a single point of failure if that one person that knows it disappears). <-- Courtesy of @MetaMSP
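A self-check for points 4 and 7 of the post above, added here as an example and not part of the original post or of any ConnectWise tooling: it reports whether the two ports the post names answer on your own server, and whether a robots.txt body actually denies crawlers the site root. The hostname `automate.example.com`, the function names and the sample robots.txt strings are assumptions made for illustration; run the port check from outside your network.

```python
import socket
from urllib import robotparser

# Ports the post says must never be reachable from outside the network.
FORBIDDEN_EXTERNAL = {3306: "MySQL DB Port", 12413: "File Redirector Service"}


def tcp_port_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, filtered or unresolvable
        return False


def exposed_forbidden_ports(host, probe=tcp_port_open):
    """Forbidden ports that answer on host; probe is injectable for testing."""
    return sorted(p for p in FORBIDDEN_EXTERNAL if probe(host, p))


def robots_blocks_crawlers(robots_txt, agents=("*", "Googlebot", "bingbot")):
    """True only if every listed crawler is denied the site root."""
    rp = robotparser.RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return not any(rp.can_fetch(agent, "/") for agent in agents)


# Constructed sample inputs (not taken from a real server).
GOOD_ROBOTS = "User-agent: *\nDisallow: /\n"
# A crawler-specific group replaces the wildcard group for that crawler,
# so Googlebot is only kept out of /private here.
WEAK_ROBOTS = (
    "User-agent: Googlebot\nDisallow: /private\n\n"
    "User-agent: *\nDisallow: /\n"
)

if __name__ == "__main__":
    host = "automate.example.com"  # placeholder: your own server's hostname
    for port in exposed_forbidden_ports(host):
        print(f"EXPOSED: {port} ({FORBIDDEN_EXTERNAL[port]}) reachable on {host}")
    print("robots.txt blocks crawlers:", robots_blocks_crawlers(GOOD_ROBOTS))
```
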
  3. Gavsto

    Servers not alerting on bad hardware

    What type of servers?
  4. Gavsto

    TPM Ready

    Version 1.0.0

    8 downloads

    This SQL can be imported in System > General > Import > SQL File. It will add an additional role definition that detects when a TPM is in a ready state.
  5. Gavsto

    TPM Present

    Version 1.0.0

    10 downloads

    This SQL can be imported in System > General > Import > SQL File. It will add an additional role definition that detects when a TPM is present.
  6. Gavsto

    Automate Security Issue- Patch 11 and 12

    I completely agree, which is precisely why there should be a proper structure in place for reporting security vulnerabilities. Losing vulnerabilities because a support ticket got closed because a partner didn't respond is serious amateur hour stuff. This is also the second time I know of it has happened (one of my privately reported ones got lost in the same way, mostly because the initial support engineer could not comprehend what I was trying to raise). I implore ConnectWise to put a proper procedure in place for reporting security vulnerabilities allowing for responsible disclosure. In the meantime at least train the existing staff to escalate anything like this immediately to the appropriate resource.
  7. Gavsto

    Automate Security Issue- Patch 11 and 12

    Unable to reproduce. Tried externally and internally.
  8. Gavsto

    Help with new EDF not showing up in advanced search

    Reload your system cache, if that doesn't work reload the control center from scratch.
  9. Gavsto

    Editing/Deleting EDF's

    Automate Support were unfortunately talking horse shit.

    1) I wouldn't do this, I'd generate a new one
    2) Yes, just change the tab name on all the EDFs that have that tab
    3) Once no EDF has that tab name anymore it is gone - they are all conceptual.

    You can absolutely delete an EDF. Right click it and delete it in the EDF tab.
  10. Hazard a guess at an internal monitor called UPDATES - Installed
  11. Gavsto

    General Automate Eval Questions

    1. You will never be able to do this easily in Automate - the functionality is massively lacking, and though the "Network probe" and SNMP related things are improving following a long period of neglect, network monitoring of pretty much all sorts is a weakness in the product.

    2. Passportal has a pass through to Control plugin. There is also a plugin called RMM+ Passwords which will take passwords stored in Automate and allow them to be used in Control too.

    You can do absolutely anything with Automate but pretty much none of it comes out the box. If what you're looking for is a platform that allows you to do pretty much what you want, as long as you build it yourself and you have the resource to dedicate to that it is perfect.
  12. Gavsto

    Automate, slow?

    How slow we talking? To open the Control Center initially? To open an agent window the first time? To open an agent window the second time?
  13. Gavsto

    Command Prompt From the Web Interface

    No - it's not been added in yet to the product. I believe it is coming though at some point.
  14. Gavsto

    Account Lockout monitor

    @apbirch67 didn't see this sorry... it's a RAWSQL monitor, the identity field is computer.name

        -- Failed-logon and lockout events (logon types 2, 7, 10) per computer
        -- in the last hour; alerts when a computer has more than 8.
        SELECT COUNT(*) AS TestValue,
               c.name AS IDentityField,
               c.Computerid AS ComputerID,
               acd.NoAlerts,
               acd.UpTimeStart,
               acd.UpTimeEnd
        FROM computers c
        JOIN eventlogs e ON (e.computerid = c.`ComputerID`)
        LEFT JOIN AgentComputerData acd ON (c.computerid = acd.computerid)
        WHERE e.EventID IN (529,644,681,4625)
          AND (e.Message LIKE '%Logon Type:2%'
               OR e.Message LIKE '%Logon Type:7%'
               OR e.Message LIKE '%Logon Type:10%')
          AND TimeGen > (NOW() - INTERVAL 1 HOUR)
        GROUP BY c.`ComputerID`
        HAVING TestValue > 8
  15. Mass force device redetection across all Network Probes

    Run this against your Automate Server (or any agent really) and it will loop through all of your Network Probes and force a device redetection on all of them. This is the same as doing Commands > Probe > Run Device Detection, unfortunately this behaviour is not exposed in the GUI when you select more than one network probe. This is step 2 of pushing updated device detection templates to probes.

    Submitter: Gavsto
    Submitted: 11/22/18
    Category: Scripts