Security of KACE SMA over the internet
We are planning to make our KACE SMA appliance accessible over the internet to manage mobile devices. I have a couple of questions related to the security of the KACE SMA.
Is there any form of authentication or cert involved during the agent provisioning/installation? Is it possible anyone who knows the URL of our KACE appliance can download the agent from the internet and enrol a random device into our KACE appliance?
Is a database of KACE appliance is encrypted?
Is it possible to disable the management/admin portal to be accessible over the internet? I think KACE use port 443 to manage the devices and the same port number is used to access admin portal.
Any recommendations or best practices to make the appliance more secure over the internet?
Hi, You might want to read this:
(there is a good PDF attached at the end as well),
and read this:
If your KACE box is externally facing, one best practice is much more Asset management related. When disposing of an Asset, in this case, a Device that has the agent installed, you must make sure that the agent is removed, or better still the device is completely wiped before disposing of. Otherwise you may find the device continues to check in to your SMA and consumes a license.