2 Replies Latest reply on Mar 21, 2011 3:37 PM by joeleisenlipz

    ePO console security question

      Hello,

       

      Your thoughts would be appreciated. I have been asked to investigate if it is possible to only allow secure access to the ePO console from dedicated and identified terminals. Therefore not everyone with administrator access can RDP into the console from where ever.

       

      Is it reasonable to have an IPSec policy that only responds to requests from an RDSH proxy?

       

      TIA

       

      Hippy

        • 1. Re: ePO console security question

          hippy wrote:

           

          Hello,

           

          Your thoughts would be appreciated. I have been asked to investigate if it is possible to only allow secure access to the ePO console from dedicated and identified terminals. Therefore not everyone with administrator access can RDP into the console from where ever.

           

          Is it reasonable to have an IPSec policy that only responds to requests from an RDSH proxy?

           

          TIA

           

          Hippy

           

           

          I would assume this question is related to ePO server HBSS

           

          The component that you should be looking at is the HIPS component I would suggest your run it on learning mode and try ro RDP to it and then check the ports blocked applications accessed from ur clients and allow them through the tight HIPS component  e.g. Firewall rules  - application blockings etc

           

          You might want to try to look at the ePO manual  to check on how you be able to configure it

           

          Message was edited by: allamiro on 3/21/11 12:08:36 PM CDT

           

          Message was edited by: allamiro on 3/21/11 12:09:44 PM CDT
          • 2. Re: ePO console security question
            joeleisenlipz

            I would say that this, like anything else, could be accomplished multiple ways. Certainly HIPS or IPSec policies could be used to restrict access either from the unauthorized systems, to the ePO console, or both.

             

            It might be helpful to understand why. Are you concerned about somone already on the network identifying the ePO server? Maybe it's about someone trying to brute force an ePO user account? Do you live in a bad part of town and suffer the same paranoia as me?