Our security team is complaining about the admin account we use to push out deployments in Kaseya - they rightly suggest that if the account were compromised then the hacker would have access to every endpoint.
Does anyone have any suggestions on how we can make this more secure - other than changing the password regularly?
Is 2FA an option for your company?
It is, but I am intrigued as to how this would fit in with Kaseya?
Depends - are you talking about the Kaseya user account that you use to access the VSA? Or a domain level account that is assigned to the endpoints as the agent credential?
For the first option, Kaseya supports 2FA with AuthAnvil.
If you are talking about a single domain/site using a single set of credentials across that site for installation and other managed services related tasks, I am not sure why that would be riskier than a given administrator account.
If you are talking about a single set of credentials across a multibusiness, multisite customer base, I agree with your security team. Each customer needs a unique set of credentials.
I agree with Kristin Muntz as to a compromised Domain Admin account.
To prevent a pivot attack from a compromised workstation you should segment (and differ) local account passwords from Domain accounts. Each new organization would have a domain account that is a member of the Local Administrators group on the local systems along with a local account that is also an administrator. Utilize the local account for KSDU.
Sorry I should have made it clear that it's a local admin account I use for KSDU.
Has anyone had a better solution? I know this is two years old but I'm running into the same issue. The only thing I can add is restricting RDP logon access for the account used.
Denying logon locally (my first choice) does not allow the credentials to pass.
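The restriction discussed in the last two posts can be verified per endpoint. The PowerShell below is an added example, not part of the thread or of Kaseya's tooling; the account name `ksdu-deploy` is a hypothetical placeholder, and the script assumes an elevated prompt on the endpoint being checked.

```powershell
# Added example: report whether the local deployment account is denied RDP logon
# and whether it is (unintentionally) denied local logon.
# 'ksdu-deploy' is a hypothetical account name; run elevated.
param([string]$AccountName = 'ksdu-deploy')

$user = Get-LocalUser -Name $AccountName -ErrorAction Stop
$sid  = $user.SID.Value

# Export only the user-rights section of the effective local security policy.
$cfg = Join-Path $env:TEMP "user-rights-$PID.inf"
secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit export failed (exit $LASTEXITCODE)" }

try {
    # Build a map: right name -> list of assigned principals (SIDs or names).
    $rights = @{}
    foreach ($line in Get-Content -Path $cfg) {
        if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$') {
            $rights[$Matches[1]] = $Matches[2].Split(',') |
                ForEach-Object { $_.Trim().TrimStart('*') }
        }
    }
} finally {
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
}

# Direct assignment only: a deny right granted to a group the account
# belongs to is not resolved here.
function Test-RightAssigned([string]$Right) {
    $members = @($rights[$Right])
    return ($members -contains $sid) -or ($members -contains $AccountName)
}

$denyRdp   = Test-RightAssigned 'SeDenyRemoteInteractiveLogonRight'  # Deny log on through Remote Desktop Services
$denyLocal = Test-RightAssigned 'SeDenyInteractiveLogonRight'        # Deny log on locally

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    Account        = $AccountName
    RdpDenied      = $denyRdp
    LocalLogonDeny = $denyLocal
}

if (-not $denyRdp) {
    Write-Warning "$AccountName is not denied Remote Desktop logon on this endpoint."
}
if ($denyLocal) {
    Write-Warning "$AccountName is denied local logon; the thread reports the credentials do not pass with this set."
}
```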