Hi -- I'm piloting the RDS Knight protections, specifically endpoint protection and device control.
With device control, it appears that the admin account is whitelisted, which means that any device can be used to connect and use the admin account. That seems to be a security hole that needs to be plugged.
Are there any additional protections that I can put in place to compensate for this ? For example: Two-Factor authentication would ensure that it really is the Admin connecting, and not a hacker; Or something else ?
Thanks !
RDS - Knight: Protecting Whitelisted user accounts
Re: RDS - Knight: Protecting Whitelisted user accounts
Hello,
You are right, users in the RDS-Knight whitelist are not restricted on their device even when device control is enabled.
Remove the administrator from RDS-Knight whitelist would fix this issue, but might prove risky (blocking your own admin user would not be that good).
Regarding 2FA, we have a 2FA TSplus add-on planned in our end-of-2018 roadmap.
You are right, users in the RDS-Knight whitelist are not restricted on their device even when device control is enabled.
Remove the administrator from RDS-Knight whitelist would fix this issue, but might prove risky (blocking your own admin user would not be that good).
Regarding 2FA, we have a 2FA TSplus add-on planned in our end-of-2018 roadmap.
Adrien
TSplus CTO
TSplus CTO