RMM Blog Post #2
Remote Monitoring Detection and Response
By: Devon Dys (Blog Post 2 / Emerging Trends in Technology)
Introduction
Continuing from the original blog post #1, I will go into further detail about
Remote Monitoring and Detection Systems (RMM), focusing primarily on the security
and functionality they provide: how you connect to the RMM, basic use and
commonly used functions, a detailed look at SMART drive monitoring (what it
provides and how it is used), the monitoring hub, and scripting possibilities.
A video demonstration using Tactical RMM on a demo architecture follows these topics.
Security
When security is a concern, we look to an RMM to provide
that extra layer to protect what’s important to us. This is applied through
multiple layers and should be done as good practice. Some of the current security
measures in place have changed drastically over the years. As with any
product, it is almost required to showcase what is different and how it has
improved. So, why shouldn’t this blog follow that example?
| Old | New |
| --- | --- |
| Updates were applied when needed to avoid breaking systems. | Updates are now applied as they come out; if something breaks it will be fixed after. |
| Multi-form authentication is almost non-existent. | MFA is now used regularly and is required by most companies. |
| The use of computers was limited, so mostly those who knew what they did were informed. | Training is provided to ALL employees, to avoid scams, ransomware, and other targeted unauthorized access. |
| All employees were onsite and connected to the network within the building. | Many employees have gone remote; this requires a different form of security. |
| Isolation of components was rare and often exposed to the outside world. | Approximately 66% (2021) of the world has access to the internet; having components isolated or hidden is key to protecting information. |
| Scalability of systems was limited, often proving to be difficult to expand easily. | Scalability is required; when adding devices, providing a secure configuration is critical when expanding or reducing a network. |
| Certain components had security on them, simple drive protection and encryption. | Many security layers exist now, from network setup, hardware security, antivirus, social, MFA and RPC over HTTPS. |
Between the two columns there are some drastic changes,
some of which prove to be more secure while others cause further complications.
How updates are applied is immensely different from the past. Most updates
in the past (older Windows versions) would be tested before they were ever
applied to customers/staff. This was to avoid breakage and the complications
that would emerge from the update. Nowadays updates are applied almost
instantly because of the security improvements provided in a computer or
phone update, and any other errors that may occur from the new update are
fixed retroactively.
Multi-Form Authentication
Multi-form authentication is seeing a rise in every website
or software we use daily. This is extremely important for protecting information
from outside access. With internet access being more “normalized”, having an
account protected by a single password is poor practice. Looking at the current
example from Hive Systems, we can see how long it would take to get into an
account with a brute-force method. This doesn’t include other forms of entry
like social engineering, passwords saved to a file for easy access, or using
the same password for multiple accounts (data leaks can happen).
Figure 1: From Hive Systems, how long it takes to brute-force a password.
How does this apply to RMM?
When using an RMM tool, software can be provided to all
clients connected to it. This could be antivirus, password storage or multi-form
authentication. Each security measure has its own benefits and use case, but
combined they create the ideal environment for protecting data. Antivirus protects
against unwarranted programs and malicious files. Password storage allows users
to create multiple passwords that they no longer have to remember, and provides
added encryption. This is surprisingly effective as it eliminates social engineering,
with longer passwords that are unique to every service they may use. MFA, as
explained above, makes sure that even if the password level fails, the user verifies
who they are through another program, regardless of whether it’s an emailed key, a text
or a third-party program that connects! An
RMM ensures that these tools are provided to the clients, and accompanied by employee
training this will enhance security exponentially.
Summarizing Security
Cyber-security is a growing and constant concern that will
be around as long as the internet is. Ransomware attacks are commonplace, causing small
and midsize businesses to collapse. Large businesses often combat attacks daily
and upon failure must pay large sums of money, averaging out at about $570,000. It’s
estimated that about 4000 attacks happen daily in the USA alone.
Using RMMs does have a downside: a breach gives access to the whole
network. Viewpoints differ on whether an RMM is necessary to a
business, or whether the business is just safer without it. Like most services provided today, we must
consider the trade-off of anything we use. Risks aside, remote management tools
are often used by Managed Service Providers (MSPs), helping businesses of all
sizes. Considering what’s best for your business is essential before committing
to a decision.
To avoid being another statistic, having a robust Remote Monitoring
system in place is critical. With real-time monitoring of systems, levels of
security are in place and kept updated. Though it’s not perfect and breaches
still do occur, taking the necessary steps and going beyond them will keep
information safe. This can depend on the tool used, how that information is
kept safe and the measures an MSP takes to ensure the service is safe. Eventually,
RMM tools will either evolve or be eliminated as a common practice.
Using Remote Monitoring and Management
The video attached to the blog will go into these steps and
explain a bit about the process behind the use of an RMM. Some features are not
available in the demo provided by https://github.com/amidaware/tacticalrmm
due to the nature of how an RMM works.

Figure 2: Features of tactical RMM, from https://github.com/amidaware/tacticalrmm
When connecting to an RMM, the common practice is to connect using RPC over HTTPS (remote procedure call over HTTPS). This is a secure method in which a client can connect to the service over a website. Looking at Tactical RMM, we are greeted with a login screen. When credentials are entered and you hit the login button, an MFA token is then requested.
Figure 3: Showing login, with MFA
Upon entering the RMM, information is displayed readily, allowing
for quick recognition of the state of machines on networks. It is divided into clients
(companies), locations, names, and descriptions. This example is
relatively small for a Managed Service Provider, which can often handle 100s of
customers.

Figure 4: Showing the dashboard upon login
Being an open-source application, it provides most of
the essential services of an RMM, allowing me to demonstrate some of the
functionality that can be provided. This
is shown directly below the initial dashboard.
Figure 5: Showing options of what you can do for each site's server
Listed below the server list are options to perform checks,
tasks, patches, and install/update software. Depending on the option selected,
you are provided with a list of options below. For this example, we will be
looking at the software option on the Company 3 / LA Office 3 server.

Figure 6: Showing software tab.
Here we can see a list of all currently installed software. A search tool
is provided, with a download-as-CSV option in the top right. To the left,
there is also a button to install new software. Upon clicking install
software, another menu appears with a list and search menu. A more
detailed explanation is in the video.
Each of these tabs has a different list of
what can be done. Even at a glance, we can see that an RMM tool provides a
lot of options and things that can be completed. So, depending on what you wish
to accomplish, it can be quickly accessed through a simple design
with information readily available. This is only a small portion of what an RMM
is capable of; many offer complex tools and charts paired with live updates.
Demo Video using Tactical RMM
Other features worth noting
Visual Aid
Some features not shown in this demo that frequently appear on other RMM tools are live feeds supported with visual aids. These could be shown in charts, performance statistics and hardware availability.
Figure 7: In this image from https://rmm.datto.com/help/en/Content/3NEWUI/NEWUI.htm we see other forms
In this image from Datto, we can see the information available
in graphs and colour-coded. This provides the visual aid mentioned above,
allowing for quick reference without having to look deeper into the server.
SMART Disk Monitoring
SMART disk monitoring allows notifications to be sent when
drives are almost full, about to fail or have met a set quota. This allows predictive
measures to be applied. Before it becomes an issue, drives can be cleared, copied,
or adjusted. This helps to prevent issues where software isn’t updated due to
low disk space. Other routine maintenance such as disk defragmentation can be
scheduled to run at set intervals depending on a company’s preference. Setting
a drive’s estimated failure point will help to maintain the service and replace
the drive as necessary. RMM tools help to keep all this information in one specific place
for easy navigation depending on what you wish to accomplish.
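One way a script check could implement the alerting described above, as an added example (not from the original post or from Tactical RMM's code): it parses attribute rows in the layout printed by smartmontools' `smartctl -A` and combines them with disk usage. The sample rows, the watched attribute IDs, the 85% limit and the 0/1/2 return codes are assumptions made for illustration.

```python
import re
import shutil
# Constructed sample in the column layout printed by `smartctl -A` for ATA drives.
SAMPLE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       12
  9 Power_On_Hours          0x0032   091   091   000    Old_age   Always       -       41230
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       3
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       0
"""

# Assumption: attribute IDs whose raw count should stay at zero on a healthy drive.
WATCHED_RAW = {5, 197, 198}
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-fA-F]+\s+(\d+)\s+\d+\s+(\d+)"
                 r"\s+\S+\s+\S+\s+\S+\s+(\d+)")

def parse_attributes(text):
    """Return {id: {name, value, thresh, raw}} for every attribute row found."""
    attrs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            attrs[int(m.group(1))] = {"name": m.group(2), "value": int(m.group(3)),
                                      "thresh": int(m.group(4)), "raw": int(m.group(5))}
    return attrs

def used_percent(path="/"):
    usage = shutil.disk_usage(path)  # volume that holds `path`
    return 100.0 * usage.used / usage.total

def evaluate(attrs, used_pct, warn_pct=85.0):
    """Return (code, findings): 0 healthy, 1 warning, 2 drive reports failure."""
    findings = []
    for attr_id, a in sorted(attrs.items()):
        # SMART marks an attribute failed when its normalized value drops to the threshold.
        if a["thresh"] > 0 and a["value"] <= a["thresh"]:
            findings.append(f"FAIL {a['name']}: value {a['value']} <= threshold {a['thresh']}")
        elif attr_id in WATCHED_RAW and a["raw"] > 0:
            findings.append(f"WARN {a['name']}: raw count {a['raw']}")
    if used_pct >= warn_pct:
        findings.append(f"WARN disk {used_pct:.0f}% used (limit {warn_pct:.0f}%)")
    if any(f.startswith("FAIL") for f in findings):
        return 2, findings
    return (1 if findings else 0), findings

if __name__ == "__main__":
    code, findings = evaluate(parse_attributes(SAMPLE), used_percent())
    print("\n".join(findings) or "OK")
    raise SystemExit(code)
```

On the constructed sample the drive still passes its own thresholds, but the non-zero reallocated and pending sector counts raise warnings early enough to schedule a replacement.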
In Summary
Remote Monitoring tools are still vital in today’s IT
environment. Being able to control, monitor, maintain and apply updates from one
interface has its draws. Many consider the trade-offs to be worthwhile for
a business of any size. Correct usage
and upkeep can help to ensure a company’s needs are met, providing a secure and
dependable resource that scales as you require it.
References
Amidaware, “Amidaware/TACTICALRMM: A Remote Monitoring & Management Tool, built with Django, Vue and go.,” GitHub. [Online]. Available: https://github.com/amidaware/tacticalrmm. [Accessed: 06-Apr-2022].
L. Whitney, T. R. Staff, S. Matteson, M. W. Kaelin, J. Wallen, B. Miles, and B. Stone, “How an 8-character password could be cracked in less than an hour,” TechRepublic, 07-Mar-2022. [Online]. Available: https://www.techrepublic.com/article/how-an-8-character-password-could-be-cracked-in-less-than-an-hour/#:~:text=Due%20to%20the%20progress%20in,just%2031%20seconds%20in%202022. [Accessed: 06-Apr-2022].
NortonOnline, “Are password managers secure?,” Norton. [Online]. Available: https://us.norton.com/internetsecurity-privacy-password-manager-security.html#:~:text=Password%20managers%20provide%20strong%20encryption,to%20protect%20its%20sensitive%20data. [Accessed: 09-Apr-2022].
R. Sobers, “81 ransomware statistics, data, trends and facts for 2021,” Varonis. [Online]. Available: https://www.varonis.com/blog/ransomware-statistics-2021. [Accessed: 09-Apr-2022].
J. Greig, “Average ransomware payment for US victims more than $6 million, survey says,” ZDNet, 09-Nov-2021. [Online]. Available: https://www.zdnet.com/article/average-ransomware-payment-for-us-victim-more-than-6-million-mimecast/#:~:text=Of%20that%2080%25%2C%2039%25,paying%20an%20average%20of%20%246%2C312%2C190. [Accessed: 09-Apr-2022].
J. C. Reporter, “Average ransomware demands surge by 518% in 2021,” Infosecurity Magazine, 09-Aug-2021. [Online]. Available: https://www.infosecurity-magazine.com/news/ransomware-demands-surge-2021/. [Accessed: 09-Apr-2022].
D. Sobel, “After Kaseya attack, msps should rethink RMM Practices,” SearchITChannel, 23-Jul-2021. [Online]. Available: https://www.techtarget.com/searchitchannel/post/After-Kaseya-attack-MSPs-should-rethink-RMM-practices. [Accessed: 09-Apr-2022].
“Cloud RMM software for MSPs: Datto Remote Monitoring and Management,” Cloud RMM Software for MSPs | Datto Remote Monitoring and Management. [Online]. Available: https://www.datto.com/products/rmm/. [Accessed: 09-Apr-2022].


