Going beyond IP restrictions: modern security for on-premise MSP tools
Tuesday, December 12, 2023
Securing MSP tools is an increasingly challenging task. Back in the old days, basic IP restrictions were enough for reasonable security -- but they are becoming less effective as the landscape changes.
40-year-old technology protecting your MSP?
Today's MSP has staff who work remotely, and likely clients who use its remote access tools. Managing all the IP lists can be a challenge, especially when multiple applications and utilities each need to be configured -- not to mention dynamic IP addresses. An IP ACL is also an all-or-nothing control, which is less than ideal when granular access is desired. The IP ACL has served us well at the network layer for almost 40 years -- but it needs supplemental help from a layer 7 technology: the reverse proxy.
Reverse proxies: the best of both worlds
A reverse proxy is best thought of as an HTTP router: it directs traffic based on the desired destination and a set of rules. It can take layer 4 rules and combine them with layer 5-7 conditions for maximum effectiveness. A common example would be allowing vendor integration access either by IP address or identification headers (every integrator in the ConnectWise ecosystem has one). This allows seamless access for vendor integrations if a particular vendor doesn't use static IP addresses.
Additionally, other security layers can be integrated into the reverse proxy layer, everything from protocol hardening to WAF deep inspection. This is helpful as MSPs face increasing security and governance requirements. If company policy states that a certain web browser must be used to access company tools, enforcing that policy on each web server is exceedingly difficult. However, a simple proxy ACL can provide the technical control for policy enforcement across all proxied applications.
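The two rules described above (vendor access by IP address or identification header, and a browser policy enforced at the proxy), sketched as an nginx configuration. This is an added example, not Automation Theory's configuration; the header name X-Integrator-Id, its value, the addresses, the hostname, the certificate paths and the choice of browser are placeholders.

```nginx
# Added example (goes in the http{} context). All names, addresses and values are placeholders.

# Network-layer condition: known static sources (documentation ranges).
geo $from_known_ip {
    default          0;
    203.0.113.0/24   1;   # office / VPN egress
    198.51.100.17    1;   # vendor with a static address
}

# Layer 7 condition: integrator identification header, exact match only.
# "X-Integrator-Id" is a hypothetical header name. The value is sent by the
# client, so handle it like a credential: TLS only, rotate it, keep it out of logs.
map $http_x_integrator_id $known_integrator {
    default                      0;
    "REPLACE-WITH-INTEGRATOR-ID" 1;
}

# API access: allowed by IP OR by header; anything else fails closed.
map "$from_known_ip:$known_integrator" $api_denied {
    default 1;
    "1:0"   0;
    "0:1"   0;
    "1:1"   0;
}

# Browser policy for the web UI. User-Agent is self-reported, so this enforces
# policy for cooperative users; it is not authentication.
map $http_user_agent $browser_denied {
    default     1;
    "~Firefox/" 0;   # the browser named in company policy (assumed here)
}

server {
    listen              443 ssl;
    server_name         tools.example.com;
    ssl_certificate     /etc/nginx/tls/tools.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/tools.example.com.key;

    location /api/ {
        if ($api_denied) { return 403; }
        proxy_pass http://127.0.0.1:8080;
    }
    location / {
        if ($browser_denied) { return 403; }
        proxy_pass http://127.0.0.1:8080;
    }
}
```

The geo block evaluates the connecting address ($remote_addr); if another load balancer sits in front of nginx, restore the client address with the realip module first, or every request will appear to come from that balancer.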
Closing the gaps
Automation Theory can help MSPs modernize their tool stack security. Reverse-Proxy-as-a-Service provides a drop-in solution providing 8+ different security controls in a single implementation. Initial setup takes less than 15 minutes and is purpose-built for MSP workflows and requirements. Give it a try today!
"The term 'ConnectWise' is a trademark of ConnectWise, LLC. This application uses the ConnectWise API but is not a ConnectWise product or service and is licensed separately from ConnectWise products and services."