ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Unsolved ManageEngine: Desktop Central - MFA

    IT Discussion
    manageengine desktopcentral mfa security annoyance time waster
    3
    5
    760
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • gjacobseG
      gjacobse
      last edited by

      Does ManageEngine: Desktop Central really need MFA?

      I ask as the most recent update applied now requires MFA at least once a day (as configured for us). But why would DC really need MFA?

      If you are not IN the office or ON the VPN - I can't use it to access your computer. It's internal only.

      scottalanmillerS 1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @gjacobse
        last edited by

        @gjacobse said in ManageEngine: Desktop Central - MFA:

        Does ManageEngine: Desktop Central really need MFA?

        I ask as the most recent update applied now requires MFA at least once a day (as configured for us). But why would DC really need MFA?

        If you are not IN the office or ON the VPN - I can't use it to access your computer. It's internal only.

        You answered your own question. VPNs are one of the biggest, riskiest, scariest security holes and environment commonly has. If you've got VPN exposure, MFA is so important because, while you can have a decently secure VPN, no one that needs a VPN would ever properly secure it. VPNs exist (almost exclusively) for environments that have utterly screwed the pooch on security design. So the nature of needing a VPN means security has totally failed already. So the chances that the people who completely failed at security design would not also do standard VPN design and screw the security there too, is super low.

        So...

        1. That you need a VPN means MFA is super important.
        2. That they implemented that VPN instead of fixing the need for it means MFA is even more important still.
        gjacobseG 1 Reply Last reply Reply Quote 0
        • gjacobseG
          gjacobse @scottalanmiller
          last edited by

          @scottalanmiller
          We won't talk about the VPN itself. We have nearly 300 employees, yet the VPN can only (rumored) handle about 150-200...

          It is being replaced.. but still.

          As for the network design.. yea,.. MPLS, SD-Wan,... I *think * they described it as a VPN to Azure for the EMR - which uses a RDS broker to fifteen RDS servers for the EMR (don't ask)..

          Seems like a gas soaked bonfire waiting for a match.

          scottalanmillerS travisdh1T 2 Replies Last reply Reply Quote 1
          • scottalanmillerS
            scottalanmiller @gjacobse
            last edited by

            @gjacobse said in ManageEngine: Desktop Central - MFA:

            As for the network design.. yea,.. MPLS, SD-Wan,... I *think * they described it as a VPN to Azure for the EMR - which uses a RDS broker to fifteen RDS servers for the EMR (don't ask)..
            Seems like a gas soaked bonfire waiting for a match.

            For sure, and that's why MFA is so much more important than normal that kind of environment.

            1 Reply Last reply Reply Quote 0
            • travisdh1T
              travisdh1 @gjacobse
              last edited by

              @gjacobse said in ManageEngine: Desktop Central - MFA:

              @scottalanmiller

              It is a gas soaked bonfire waiting for a match.

              Fixed that for you.

              1 Reply Last reply Reply Quote 1
              • 1 / 1
              • First post
                Last post