Goodbye hardware monitoring on HPE Gen10 and newer equipment running ESXi
-
@pete-s said in Goodbye hardware monitoring on HPE Gen10 and newer equipment running ESXi:
@dashrender said in Goodbye hardware monitoring on HPE Gen10 and newer equipment running ESXi:
I agree, in this day and age - that's super risky, i.e. you get compromised and all of your customers are now compromised.
though just because you have 100 passwords, one for each client, that info has to be stored somewhere and perhaps it would be compromised as well - and your clients are still compromised...
Risk has to be managed but it's not more risky having 100 customers with one server each on-prem than having 100 servers in one location.
Oh, I completely disagree. Now if you tell me all the creds for those 100 on prem servers are in one place, then I tend to agree with you, but if they aren't then they are a tiny bit, if not a lot more secure.
In this situation - it really comes down to them being managed by an MSP/ITSP that's the weak link.... If the MSP/ITSP is breached and the hackers get all the creds, be it one cred or 100 creds, then the customers are fooked either way.
-
@dashrender said in Goodbye hardware monitoring on HPE Gen10 and newer equipment running ESXi:
@pete-s said in Goodbye hardware monitoring on HPE Gen10 and newer equipment running ESXi:
@dashrender said in Goodbye hardware monitoring on HPE Gen10 and newer equipment running ESXi:
I agree, in this day and age - that's super risky, i.e. you get compromised and all of your customers are now compromised.
though just because you have 100 passwords, one for each client, that info has to be stored somewhere and perhaps it would be compromised as well - and your clients are still compromised...
Risk has to be managed but it's not more risky having 100 customers with one server each on-prem than having 100 servers in one location.
Oh, I completely disagree. Now if you tell me all the creds for those 100 on prem servers are in one place, then I tend to agree with you, but if they aren't then they are a tiny bit, if not a lot more secure.
In this situation - it really comes down to them being managed by an MSP/ITSP that's the weak link.... If the MSP/ITSP is breached and the hackers get all the creds, be it one cred or 100 creds, then the customers are fooked either way.
I think I was a bit unclear.
What I mean is VPN is just an extension of the LAN. So 100 physically spread but centrally managed servers have the same risk as 100 servers in the same location managed locally.
If the managing thingy is compromised, then every server is potentially compromised as well.
If you on the other hand have 100 servers physically spread and managed locally and not centrally, well, then the risk is a lot smaller. But you don't get any of the benefits of central management or economies of scale either.
As you said it's the central management from the MSP/ITSP that's the weak link.
-
@pete-s said in Goodbye hardware monitoring on HPE Gen10 and newer equipment running ESXi:
@dashrender said in Goodbye hardware monitoring on HPE Gen10 and newer equipment running ESXi:
@pete-s said in Goodbye hardware monitoring on HPE Gen10 and newer equipment running ESXi:
@dashrender said in Goodbye hardware monitoring on HPE Gen10 and newer equipment running ESXi:
I agree, in this day and age - that's super risky, i.e. you get compromised and all of your customers are now compromised.
though just because you have 100 passwords, one for each client, that info has to be stored somewhere and perhaps it would be compromised as well - and your clients are still compromised...
Risk has to be managed but it's not more risky having 100 customers with one server each on-prem than having 100 servers in one location.
Oh, I completely disagree. Now if you tell me all the creds for those 100 on prem servers are in one place, then I tend to agree with you, but if they aren't then they are a tiny bit, if not a lot more secure.
In this situation - it really comes down to them being managed by an MSP/ITSP that's the weak link.... If the MSP/ITSP is breached and the hackers get all the creds, be it one cred or 100 creds, then the customers are fooked either way.
I think I was a bit unclear.
What I mean is VPN is just an extension of the LAN. So 100 physically spread but centrally managed servers have the same risk as 100 servers in the same location managed locally.
If the managing thingy is compromised, then every server is potentially compromised as well.
If you on the other hand have 100 servers physically spread and managed locally and not centrally, well, then the risk is a lot smaller. But you don't get any of the benefits of central management or economies of scale either.
As you said it's the central management from the MSP/ITSP that's the weak link.
Aww, yeah, in that case, yep, we agree.
I think this will do nothing but make MSPs and ITSPs even more expensive, as you said, we need to lose the economy of scale for protection reasons.
-
@dashrender However, centrally managed doesn't mean site-to-site VPN. I don't get MSPs that have site-to-site VPNs to their customers. It is not feasible to maintain, it is a high risk and very old school.
-
@dbeato said in Goodbye hardware monitoring on HPE Gen10 and newer equipment running ESXi:
@dashrender However, centrally managed doesn't mean site-to-site VPN. I don't get MSPs that have site-to-site VPNs to their customers. It is not feasible to maintain, it is a high risk and very old school.
Of course it doesn't.
Using a tool like ScreenConnect - having all customer machines in a single account - means SC's hacked, then every client is hacked...