Kace client security issue, can the client have a passphrase to authenticate to a server?
So my question, as above, can we set a client password that is required to check in to the KACE box? Or is there some kind of private key/public key encryption authentication mechanism? What are the drawbacks of implementing this if it is possible?
If your KACE appliance is open to the internet for checking-in of your users what is there to prevent a potential malicious connection from a modified client?
We just had an interesting situation here, where a computer that is not ours and is from another organization checked in to our KACE system. They also use KACE, and unfortunately both our DNS records are the same which is what allowed this client to check into our system. This system was able to run the scripts that we use and now has desktop shortcuts onto the system that are for us internally. I also do not know the extent of other things that have been modified. My counterpart at the other agency and I plan to go over and check on the system to figure out what has occurred.
Obviously I'll be changing the DNS record of our system, but was wondering if there was anything more that could be done. Thanks!
Be the first to answer this question