Replies: 2 comments
-
|
If you clone your computer with an agent, the server will not know the difference. Each agent has its own individual authentication so you could delete the agent from the server side which would stop it from communicating. |
Beta Was this translation helpful? Give feedback.
-
|
Your design should assume agent compromise and not affect the RMM server. At the end of the day, authentication...identifying a user/machine...is about knowing something secret. Usually id/pass, passkey or any other proof, and once validated is swapped out with an auth token of some kind. The token/API key stands in for that auth proof and what is used regularly with all subsequent data exchanges. Get the token, become the thing. |
Beta Was this translation helpful? Give feedback.
-
I am working on my own RMM just for fun but I can't figure out how to securely verify that a host is really who it says it is. I am concerned that a malicious actor could take the end agent and then modify it to spoof the device on a separate machine. From there a adversary could steal a machine.
Beta Was this translation helpful? Give feedback.
All reactions