MeshCentral - Anyone tried this?

IRJ

@JaredBusch said in MeshCentral - Anyone tried this?:

@IRJ said in MeshCentral - Anyone tried this?:

@JaredBusch said in MeshCentral - Anyone tried this?:

@IRJ said in MeshCentral - Anyone tried this?:

@Grey said in MeshCentral - Anyone tried this?:

@JaredBusch said in MeshCentral - Anyone tried this?:

@Grey said in MeshCentral - Anyone tried this?:

Does the software establish a connection outside the managed network or do you have to vpn to the network to reach the management server?

It all runs on HTTPS connections.

I asked if I need to be on the highway to get to my destination, or if I can take surface streets and you told me to use snow tires. WTF?

I mean it's up to you how you want to design it. I would say putting it behind a VPN is the smart way to do it. Like mentioned earlier, it isn't necessary. However, it greatly reduces your attack surface.

What attack surface? The only thing you access is the web interface.

That's still a surface. Why even let attackers get to a management server to attempt a brute force or DoD?

And that is different from letting an attacker attempt to brute force or DoS a VPN?

You always have an open port to come in.

That is true, but it doesn't reveal what's behind it. Something like mesh central would be something an attacker would be interested in, but if it's behind your VPN sever they have no clue its even there.

scottalanmiller

@IRJ said in MeshCentral - Anyone tried this?:

@JaredBusch said in MeshCentral - Anyone tried this?:

@IRJ said in MeshCentral - Anyone tried this?:

@JaredBusch said in MeshCentral - Anyone tried this?:

@IRJ said in MeshCentral - Anyone tried this?:

@Grey said in MeshCentral - Anyone tried this?:

@JaredBusch said in MeshCentral - Anyone tried this?:

@Grey said in MeshCentral - Anyone tried this?:

Does the software establish a connection outside the managed network or do you have to vpn to the network to reach the management server?

It all runs on HTTPS connections.

I asked if I need to be on the highway to get to my destination, or if I can take surface streets and you told me to use snow tires. WTF?

I mean it's up to you how you want to design it. I would say putting it behind a VPN is the smart way to do it. Like mentioned earlier, it isn't necessary. However, it greatly reduces your attack surface.

What attack surface? The only thing you access is the web interface.

That's still a surface. Why even let attackers get to a management server to attempt a brute force or DoD?

And that is different from letting an attacker attempt to brute force or DoS a VPN?

You always have an open port to come in.

That is true, but it doesn't reveal what's behind it. Something like mesh central would be something an attacker would be interested in, but if it's behind your VPN sever they have no clue its even there.

Except VPNs are far better known and more "interesting". Nothing says "I've got something to hide that I think is valuable" like a VPN. VPNs are big advertisers that someone believes they have something worth something.

IRJ

@scottalanmiller said in MeshCentral - Anyone tried this?:

@IRJ said in MeshCentral - Anyone tried this?:

@JaredBusch said in MeshCentral - Anyone tried this?:

@IRJ said in MeshCentral - Anyone tried this?:

@JaredBusch said in MeshCentral - Anyone tried this?:

@IRJ said in MeshCentral - Anyone tried this?:

@Grey said in MeshCentral - Anyone tried this?:

@JaredBusch said in MeshCentral - Anyone tried this?:

@Grey said in MeshCentral - Anyone tried this?:

Does the software establish a connection outside the managed network or do you have to vpn to the network to reach the management server?

It all runs on HTTPS connections.

I asked if I need to be on the highway to get to my destination, or if I can take surface streets and you told me to use snow tires. WTF?

I mean it's up to you how you want to design it. I would say putting it behind a VPN is the smart way to do it. Like mentioned earlier, it isn't necessary. However, it greatly reduces your attack surface.

What attack surface? The only thing you access is the web interface.

That's still a surface. Why even let attackers get to a management server to attempt a brute force or DoD?

And that is different from letting an attacker attempt to brute force or DoS a VPN?

You always have an open port to come in.

That is true, but it doesn't reveal what's behind it. Something like mesh central would be something an attacker would be interested in, but if it's behind your VPN sever they have no clue its even there.

Except VPNs are far better known and more "interesting". Nothing says "I've got something to hide that I think is valuable" like a VPN. VPNs are big advertisers that someone believes they have something worth something.

So what? Now you have to break into the VPN and mesh central. It makes it harder for an attacker.

Breaking into the VPN doesn't net you much if your traffic is encrypted internally, in fact you are in the same spot as having all your valuable assets public facing.

VPN is easy to implement with minimal hardware in an immutable fashion and gives you an extra layer of defense that is quite difficult to breach.

scottalanmiller

I just counted. Our is up to 343 users on it now! Just a tad bit of use there.

pmoncho

@scottalanmiller said in MeshCentral - Anyone tried this?:

I just counted. Our is up to 343 users on it now! Just a tad bit of use there.

Awesome.

I am only up to 140 myself. Still running beautifully on a vultr $5 Ubuntu instance.

dmacf10

220 agents on mine running in a Vultr instance. Working flawlessly for well over a year now.

scottalanmiller

@pmoncho said in MeshCentral - Anyone tried this?:

@scottalanmiller said in MeshCentral - Anyone tried this?:

I just counted. Our is up to 343 users on it now! Just a tad bit of use there.

Awesome.

I am only up to 140 myself. Still running beautifully on a vultr $5 Ubuntu instance.

140 users?

scottalanmiller

@dmacf10 said in MeshCentral - Anyone tried this?:

220 agents on mine running in a Vultr instance. Working flawlessly for well over a year now.

We have thousands of agents. It's the number of users that I'm surprised by.

pmoncho

@scottalanmiller

I misread that. Yeah only 140 agents.

Apparently I am far behind.

dmacf10

@scottalanmiller Only 10 users on mine but it is great to hear that it scales up well beyond my current needs. Glad I ran across your original post on here about MC and decided to give it a try.

Dashrender

LOL - 5 users on my, around 15 agents.

scottalanmiller

@pmoncho said in MeshCentral - Anyone tried this?:

@scottalanmiller

I misread that. Yeah only 140 agents.

Apparently I am far behind.

We use it pretty extensively

syko24

@scottalanmiller said in MeshCentral - Anyone tried this?:

@pmoncho said in MeshCentral - Anyone tried this?:

@scottalanmiller

I misread that. Yeah only 140 agents.

Apparently I am far behind.

We use it pretty extensively

@scottalanmiller - Just curious are you still using Tactical or just Mesh these days? I've been playing around with Tactical internally and definitely a great solution. I know you mentioned a while back you were using that and Mesh separate from each other.

scottalanmiller

@syko24 said in MeshCentral - Anyone tried this?:

@scottalanmiller said in MeshCentral - Anyone tried this?:

@pmoncho said in MeshCentral - Anyone tried this?:

@scottalanmiller

I misread that. Yeah only 140 agents.

Apparently I am far behind.

We use it pretty extensively

@scottalanmiller - Just curious are you still using Tactical or just Mesh these days? I've been playing around with Tactical internally and definitely a great solution. I know you mentioned a while back you were using that and Mesh separate from each other.

We use both. Tactical has been pretty good. Definitely use Mesh 90% of the time and Tactical just 10%. But it has been a good tool and we like it.