MeshCentral - Anyone tried this?
-
@Grey said in MeshCentral - Anyone tried this?:
@JaredBusch said in MeshCentral - Anyone tried this?:
@Grey said in MeshCentral - Anyone tried this?:
Does the software establish a connection outside the managed network or do you have to vpn to the network to reach the management server?
It all runs on HTTPS connections.
I asked if I need to be on the highway to get to my destination, or if I can take surface streets and you told me to use snow tires. WTF?
I mean it's up to you how you want to design it. I would say putting it behind a VPN is the smart way to do it. Like mentioned earlier, it isn't necessary. However, it greatly reduces your attack surface.
-
@IRJ said in MeshCentral - Anyone tried this?:
@Grey said in MeshCentral - Anyone tried this?:
@JaredBusch said in MeshCentral - Anyone tried this?:
@Grey said in MeshCentral - Anyone tried this?:
Does the software establish a connection outside the managed network or do you have to vpn to the network to reach the management server?
It all runs on HTTPS connections.
I asked if I need to be on the highway to get to my destination, or if I can take surface streets and you told me to use snow tires. WTF?
I mean it's up to you how you want to design it. I would say putting it behind a VPN is the smart way to do it. Like mentioned earlier, it isn't necessary. However, it greatly reduces your attack surface.
What attack surface? The only thing you access is the web interface.
-
@IRJ said in MeshCentral - Anyone tried this?:
@Grey said in MeshCentral - Anyone tried this?:
@JaredBusch said in MeshCentral - Anyone tried this?:
@Grey said in MeshCentral - Anyone tried this?:
Does the software establish a connection outside the managed network or do you have to vpn to the network to reach the management server?
It all runs on HTTPS connections.
I asked if I need to be on the highway to get to my destination, or if I can take surface streets and you told me to use snow tires. WTF?
I mean it's up to you how you want to design it. I would say putting it behind a VPN is the smart way to do it. Like mentioned earlier, it isn't necessary. However, it greatly reduces your attack surface.
My is setup behind a proxy and meshcentral is setup with 2FA.
-
@Dashrender said in MeshCentral - Anyone tried this?:
@scottalanmiller said in MeshCentral - Anyone tried this?:
We are adding users and devices like crazy as we switch more and more to MC. Here is our current status.
damn - 100 users??
Adding them FAST now, too.
-
@Grey said in MeshCentral - Anyone tried this?:
@black3dynamite said in MeshCentral - Anyone tried this?:
@Grey said in MeshCentral - Anyone tried this?:
Does the software establish a connection outside the managed network or do you have to vpn to the network to reach the management server?
It depends on how you setup MeshCentral and how lockdown your devices and/or network is.
With MeshCentral, you can set it up has a LAN only, WAN only or LAN+WAN (hybrid).
You can also restrict access via IP address for User or Agent.That's awesome. Thank you! I may have to eliminate TeamViewer.
That's exactly what we are doing.
-
@JaredBusch said in MeshCentral - Anyone tried this?:
@IRJ said in MeshCentral - Anyone tried this?:
@Grey said in MeshCentral - Anyone tried this?:
@JaredBusch said in MeshCentral - Anyone tried this?:
@Grey said in MeshCentral - Anyone tried this?:
Does the software establish a connection outside the managed network or do you have to vpn to the network to reach the management server?
It all runs on HTTPS connections.
I asked if I need to be on the highway to get to my destination, or if I can take surface streets and you told me to use snow tires. WTF?
I mean it's up to you how you want to design it. I would say putting it behind a VPN is the smart way to do it. Like mentioned earlier, it isn't necessary. However, it greatly reduces your attack surface.
What attack surface? The only thing you access is the web interface.
That's still a surface. Why even let attackers get to a management server to attempt a brute force or DoD?
-
@IRJ said in MeshCentral - Anyone tried this?:
@JaredBusch said in MeshCentral - Anyone tried this?:
@IRJ said in MeshCentral - Anyone tried this?:
@Grey said in MeshCentral - Anyone tried this?:
@JaredBusch said in MeshCentral - Anyone tried this?:
@Grey said in MeshCentral - Anyone tried this?:
Does the software establish a connection outside the managed network or do you have to vpn to the network to reach the management server?
It all runs on HTTPS connections.
I asked if I need to be on the highway to get to my destination, or if I can take surface streets and you told me to use snow tires. WTF?
I mean it's up to you how you want to design it. I would say putting it behind a VPN is the smart way to do it. Like mentioned earlier, it isn't necessary. However, it greatly reduces your attack surface.
What attack surface? The only thing you access is the web interface.
That's still a surface. Why even let attackers get to a management server to attempt a brute force or DoD?
And that is different from letting an attacker attempt to brute force or DoS a VPN?
You always have an open port to come in.
-
@JaredBusch said in MeshCentral - Anyone tried this?:
@IRJ said in MeshCentral - Anyone tried this?:
@JaredBusch said in MeshCentral - Anyone tried this?:
@IRJ said in MeshCentral - Anyone tried this?:
@Grey said in MeshCentral - Anyone tried this?:
@JaredBusch said in MeshCentral - Anyone tried this?:
@Grey said in MeshCentral - Anyone tried this?:
Does the software establish a connection outside the managed network or do you have to vpn to the network to reach the management server?
It all runs on HTTPS connections.
I asked if I need to be on the highway to get to my destination, or if I can take surface streets and you told me to use snow tires. WTF?
I mean it's up to you how you want to design it. I would say putting it behind a VPN is the smart way to do it. Like mentioned earlier, it isn't necessary. However, it greatly reduces your attack surface.
What attack surface? The only thing you access is the web interface.
That's still a surface. Why even let attackers get to a management server to attempt a brute force or DoD?
And that is different from letting an attacker attempt to brute force or DoS a VPN?
You always have an open port to come in.
That is true, but it doesn't reveal what's behind it. Something like mesh central would be something an attacker would be interested in, but if it's behind your VPN sever they have no clue its even there.
-
@IRJ said in MeshCentral - Anyone tried this?:
@JaredBusch said in MeshCentral - Anyone tried this?:
@IRJ said in MeshCentral - Anyone tried this?:
@JaredBusch said in MeshCentral - Anyone tried this?:
@IRJ said in MeshCentral - Anyone tried this?:
@Grey said in MeshCentral - Anyone tried this?:
@JaredBusch said in MeshCentral - Anyone tried this?:
@Grey said in MeshCentral - Anyone tried this?:
Does the software establish a connection outside the managed network or do you have to vpn to the network to reach the management server?
It all runs on HTTPS connections.
I asked if I need to be on the highway to get to my destination, or if I can take surface streets and you told me to use snow tires. WTF?
I mean it's up to you how you want to design it. I would say putting it behind a VPN is the smart way to do it. Like mentioned earlier, it isn't necessary. However, it greatly reduces your attack surface.
What attack surface? The only thing you access is the web interface.
That's still a surface. Why even let attackers get to a management server to attempt a brute force or DoD?
And that is different from letting an attacker attempt to brute force or DoS a VPN?
You always have an open port to come in.
That is true, but it doesn't reveal what's behind it. Something like mesh central would be something an attacker would be interested in, but if it's behind your VPN sever they have no clue its even there.
Except VPNs are far better known and more "interesting". Nothing says "I've got something to hide that I think is valuable" like a VPN. VPNs are big advertisers that someone believes they have something worth something.
-
@scottalanmiller said in MeshCentral - Anyone tried this?:
@IRJ said in MeshCentral - Anyone tried this?:
@JaredBusch said in MeshCentral - Anyone tried this?:
@IRJ said in MeshCentral - Anyone tried this?:
@JaredBusch said in MeshCentral - Anyone tried this?:
@IRJ said in MeshCentral - Anyone tried this?:
@Grey said in MeshCentral - Anyone tried this?:
@JaredBusch said in MeshCentral - Anyone tried this?:
@Grey said in MeshCentral - Anyone tried this?:
Does the software establish a connection outside the managed network or do you have to vpn to the network to reach the management server?
It all runs on HTTPS connections.
I asked if I need to be on the highway to get to my destination, or if I can take surface streets and you told me to use snow tires. WTF?
I mean it's up to you how you want to design it. I would say putting it behind a VPN is the smart way to do it. Like mentioned earlier, it isn't necessary. However, it greatly reduces your attack surface.
What attack surface? The only thing you access is the web interface.
That's still a surface. Why even let attackers get to a management server to attempt a brute force or DoD?
And that is different from letting an attacker attempt to brute force or DoS a VPN?
You always have an open port to come in.
That is true, but it doesn't reveal what's behind it. Something like mesh central would be something an attacker would be interested in, but if it's behind your VPN sever they have no clue its even there.
Except VPNs are far better known and more "interesting". Nothing says "I've got something to hide that I think is valuable" like a VPN. VPNs are big advertisers that someone believes they have something worth something.
So what? Now you have to break into the VPN and mesh central. It makes it harder for an attacker.
Breaking into the VPN doesn't net you much if your traffic is encrypted internally, in fact you are in the same spot as having all your valuable assets public facing.
VPN is easy to implement with minimal hardware in an immutable fashion and gives you an extra layer of defense that is quite difficult to breach.
-
I just counted. Our is up to 343 users on it now! Just a tad bit of use there.
-
@scottalanmiller said in MeshCentral - Anyone tried this?:
I just counted. Our is up to 343 users on it now! Just a tad bit of use there.
Awesome.
I am only up to 140 myself. Still running beautifully on a vultr $5 Ubuntu instance.
-
220 agents on mine running in a Vultr instance. Working flawlessly for well over a year now.
-
@pmoncho said in MeshCentral - Anyone tried this?:
@scottalanmiller said in MeshCentral - Anyone tried this?:
I just counted. Our is up to 343 users on it now! Just a tad bit of use there.
Awesome.
I am only up to 140 myself. Still running beautifully on a vultr $5 Ubuntu instance.
140 users?
-
@dmacf10 said in MeshCentral - Anyone tried this?:
220 agents on mine running in a Vultr instance. Working flawlessly for well over a year now.
We have thousands of agents. It's the number of users that I'm surprised by.
-
-
@scottalanmiller Only 10 users on mine but it is great to hear that it scales up well beyond my current needs. Glad I ran across your original post on here about MC and decided to give it a try.
-
LOL - 5 users on my, around 15 agents.
-
@pmoncho said in MeshCentral - Anyone tried this?:
I misread that. Yeah only 140 agents.
Apparently I am far behind.
We use it pretty extensively
-
@scottalanmiller said in MeshCentral - Anyone tried this?:
@pmoncho said in MeshCentral - Anyone tried this?:
I misread that. Yeah only 140 agents.
Apparently I am far behind.
We use it pretty extensively
@scottalanmiller - Just curious are you still using Tactical or just Mesh these days? I've been playing around with Tactical internally and definitely a great solution. I know you mentioned a while back you were using that and Mesh separate from each other.