FocalFury

CWA Security with 3rd Party Plugins & Overall


Hi all,
Recently we saw a thread in r/msp https://www.reddit.com/r/msp/comments/ani14t/local_msp_got_hacked_and_all_clients_cryptolocked/ where an MSP's client machines all had ransomware installed due to an insecure plugin with Kaseya. This got us thinking about security overall with CWA and what we can do to increase our security posture. What do you do to improve security with regard to CWA?

We are reaching out to the vendors whose 3rd Party Plugins we have, as well as our Account Manager, for information. We're also considering blocking MySQL ports to the DB server over our LAN except for our frontend server (in a dual server split). Is this a good/bad idea?

We do have 2FA on all CWA accounts as well.

What else should we be considering?


If MySQL is accessible, 2FA is irrelevant. Those ports should only be accessible from TRUSTED sources.  Generally that doesn't include your entire LAN, and it only NEEDS to include your front end server (or any data feeds that might work directly with it, like Brightgauge, etc.). LTAdmin accounts have essentially the same access as root when it comes to ability to access tables, make changes, etc.
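
One way to verify the restriction discussed in the reply above, added here as an example and not part of the thread or of any vendor tooling: run it against the DB server from an ordinary LAN host and again from the front-end server. It assumes MySQL's default TCP port 3306 and only reads the server's first packet; the function names are hypothetical.

```python
import socket
import struct
import sys

def classify_greeting(data: bytes) -> str:
    """Classify the first packet a MySQL server sends after the TCP connect."""
    if len(data) < 5:
        return "open: no greeting received"
    payload_len = int.from_bytes(data[0:3], "little")   # 3-byte length, 1-byte sequence id
    payload = data[4:4 + payload_len]
    if payload[:1] == b"\x0a":                           # protocol v10 initial handshake
        version = payload[1:].split(b"\x00", 1)[0].decode("ascii", "replace")
        return f"exposed: handshake from MySQL {version}"
    if payload[:1] == b"\xff" and len(payload) >= 3:     # ERR packet sent before handshake
        code = struct.unpack("<H", payload[1:3])[0]
        if code == 1130:                                 # host not allowed by MySQL accounts
            return "reachable: MySQL rejected this host (1130), but the port is open"
        return f"reachable: MySQL error {code}"
    return "open: unknown service"

def probe(host: str, port: int = 3306, timeout: float = 3.0) -> str:
    """Connect once and report whether the MySQL port is reachable from here."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            try:
                data = conn.recv(4096)
            except socket.timeout:
                data = b""
            return classify_greeting(data)
    except ConnectionRefusedError:
        return "not reachable: connection refused"
    except socket.timeout:
        return "not reachable: timed out (filtered)"
    except OSError as exc:
        return f"not reachable: {exc.__class__.__name__}"

if __name__ == "__main__":
    # Usage: python check_mysql_exposure.py <db-server-address> [...]
    for target in sys.argv[1:]:
        print(target, "->", probe(target))
```

From a workstation the expected result is "not reachable"; a "reachable" result with error 1130 means MySQL's own host check is the only barrier and the firewall is still letting the connection through.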
