FocalFury

CWA Security with 3rd Party Plugins & Overall


Hi all,
Recently we saw a thread in r/msp https://www.reddit.com/r/msp/comments/ani14t/local_msp_got_hacked_and_all_clients_cryptolocked/ where an MSP had ransomware installed on all of their clients' machines due to an insecure plugin with Kaseya.  This got us thinking about security overall with CWA and what we can do to increase our security posture.  What do you do to improve security with regard to CWA?

We are reaching out to the vendors that we have 3rd Party Plugins from, as well as our Account Manager, for information.  We're also considering blocking MySQL ports to the DB server over our LAN except for our frontend server (in a dual server split).  Is this a good/bad idea?

We do have 2FA on all CWA accounts as well.

What else should we be considering?


If MySQL is accessible, 2FA is irrelevant. Those ports should only be accessible from TRUSTED sources.  Generally that doesn't include your entire LAN, and it only NEEDS to include your front end server (or any data feeds that might work directly with it, like Brightgauge, etc.). LTAdmin accounts have essentially the same access as root when it comes to ability to access tables, make changes, etc.

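One way to verify the restriction discussed in this thread from the DB server itself, as an added example that is not part of the original posts: it parses `netstat -an` output and reports any peer connected to the MySQL port that is not on the trusted list. The port (3306, the MySQL default), the addresses, the Windows netstat layout and the function names are assumptions; the sample output is constructed.

```python
import ipaddress

MYSQL_PORT = 3306  # assumed: MySQL default port, not stated in the thread

# Assumed allow-list (constructed addresses): front-end server and one data-feed host.
TRUSTED_SOURCES = [ipaddress.ip_network(n) for n in ("10.0.0.10/32", "10.0.0.20/32")]

# Constructed sample of `netstat -an` output captured on the DB server (10.0.0.5).
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:3306          10.0.0.10:50112        ESTABLISHED
  TCP    10.0.0.5:3306          10.0.0.20:49877        ESTABLISHED
  TCP    10.0.0.5:3306          10.0.0.57:61023        ESTABLISHED
  TCP    10.0.0.5:3389          10.0.0.99:61500        ESTABLISHED
  TCP    10.0.0.5:52001         10.0.0.10:443          ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (host, port); raises ValueError if malformed."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def untrusted_mysql_peers(netstat_text, trusted=TRUSTED_SOURCES, port=MYSQL_PORT):
    """Return sorted remote IPs with an established session to the local MySQL
    port that fall outside every trusted network."""
    offenders = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP" or fields[3] != "ESTABLISHED":
            continue
        try:
            _, local_port = split_endpoint(fields[1])
            remote_host, _ = split_endpoint(fields[2])
            remote_ip = ipaddress.ip_address(remote_host.split("%")[0])  # drop IPv6 scope id
        except ValueError:
            continue  # wildcard or malformed endpoint
        if local_port != port:
            continue  # traffic to some other service on the DB server
        if not any(remote_ip in net for net in trusted):
            offenders.add(str(remote_ip))
    return sorted(offenders)

if __name__ == "__main__":
    for ip in untrusted_mysql_peers(SAMPLE_NETSTAT):
        print(f"untrusted source connected to MySQL port {MYSQL_PORT}: {ip}")
```

An empty result only shows that no untrusted host was connected at capture time; the firewall rule itself is what keeps the port closed to the rest of the LAN.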
