Is there a way to do inventory / deploy without having SMB ports open on the remote workstation?

Follow

Bret L

• December 01, 2020 19:31

We block SMB on all servers / workstations and have had to make a FW exception on the PDQ server. If this server is ever exploited (since techs have to also be administrators on this box to use the console that leaves the risk that the server could be exploited) it could push out attacks to all remote servers and desktops.

If connections could be made to the inventory agent (please bring this back) the inventory agent could do the deploy and not need to have its c$ open to anything else other then locally.

 

0

• 

  SelfMan

  • January 30, 2021 03:22

  Hi,
  If i may to put my 2 cents on this. If you are already in the state that there is already a intruder on the network, you've already lost.
  it does not matter much if the information is pulled or pushed between the computers. The communication is there and can be exploited.

  I assume that you are managing the server either via RDP or some Web based / API-Port based application.
  The only way you can limit the impact is to limit the access via firewall rules. The human factor is the biggest risk.
  To mitigate it, create sufficient multi-tier and offsite backups. And keep all the machines up to date.

  My motto: "Keep the healthy amount of paranoia fresh." Create theoretical scenarios how a intruder could get in and implement countermeasures. But also keep in mind how much that process will cost.

  0

  Comment actions Permalink

Please sign in to leave a comment.