https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

Security


Shutterstock

cloaked hacker

Researcher Claims N-able Workgroup Guideline Exposes MSPs to Security Risk

  • Written by Edward Gately
  • October 29, 2021
N-able says only a small number of MSPs are at risk.

Fundamental Cyber says N-able, the spinoff of SolarWinds’ MSP business, is undoing Microsoft’s built-in protections.

According to the Sweden-based company, N-able is recommending MSPs eliminate security safeguards, therefore exposing them to potentially devastating cyberattacks.

Fundamental Cyber is not a Solarwinds or N-able competitor. It just came across the N-able security flaws while conducting research.

In the aftermath of last year’s massive supply chain attack, SolarWinds said it was beefing up its security to better protect itself and its customers.

Sudhakar Ramakrishna is SolarWinds’ president and CEO. Back in March, he had this to say:

SolarWinds' Sudhakar Ramakrishna

SolarWinds’ Sudhakar Ramakrishna

“We’ve added a level of security and review through tools, processes, automation and, where necessary, manual checks around our product development processes that we believe goes well beyond industry norms to ensure the integrity and security of all of our products. We firmly believe that the Orion software platform and related products, as well as all of our other products can be used by our customers without risk of the Sunburst malicious code.”

However, Fundamental Cyber’s research claims N-able‘s guidelines around Workgroup environments are putting MSPs at risk.

Fundamental Cyber assists companies with data protection, privacy law compliance and incident reporting.

David Williams is co-founder of Fundamental Cyber.

Foundational Cyber's David Williams

Fundamental Cyber’s David Williams

“The big picture is that N-able, which is meant to protect you, meant to protect your company, to add another level of protection, is actually undoing all of the built-in protection,” he said. “So they’re taking the most fundamental things that Microsoft puts there and disabling them, and then they’re using all the worst practices, like not just sharing a password and a username, but actually setting all of the computers at an administrator level. So they all have the power to do a lot of harm.”

Lewis Pope is head security nerd for N-able.

“As a documented best practice, N-able advises MSPs deploy agents directly to each workstation rather than use probes in a Workgroup environment,” he said. “There is an extremely small number of MSP customers who are not leveraging Active Directory (AD), and for them we make explicit in our documentation that we do not recommend using probes. MSPs who do not follow this best practice recommendation are knowingly taking a risk.”

N-central Probe Instructions

N-central is N-able‘s flagship remote monitoring and management solution for MSPs. The instructions for setting up a probe in a Workgroup includes the following:

Before installing a probe in a Workgroup:

  • Ensure that all the computers in the workgroup have an administrator account with the same username and password.
  • Ensure that the password has no expiry.
  • The account cannot be a member of any other group other than administrators.
  • Login to each computer on the workgroup using this account at least once.
  • Disable user access control (UAC) for this account as it can interfere with Windows Management Instrumentation (WMI) queries from the probe.

Matthew Carr is co-founder of Fundamental Cyber.

Foundational Cyber's Matthew Carr

Fundamental Cyber’s Matthew Carr

“A probe is essentially a bit of software that sits on each machine or server,” he said. “What it’s asking you to do here is ensure that all the computers have an administrator account with the same username and password. That right there means that now if I’ve got access to one, I have access to all. Secondly, there are no password expiries. Arguably, if I’ve got access now, in five years it’s still going to work and I’m still going to access all of the machines in the organization. The account must be an administrator.”

The worst part is disabling UAC for the account, Carr said.

“Microsoft‘s guides will tell you that UAC is a fundamental component of Microsoft’s overall security vision to mitigate the impact of malware,” he said. “So straight out of the gate, you just installed your first probe and you’ve disabled one of the most fundamental parts of Microsoft’s security.”

N-able points out that below the instructions, it states “we do not recommend using the probe to deploy in a Workgroup due to the number of file sharing and permission issues in a Workgroup that can interfere with the probe’s ability to push agents.”

N-able also said the instructions have since been updated.

Remote Code Access

In October alone, there were more than 21 Microsoft Word remote code execution vulnerabilities, Carr said.

“That doesn’t include all the ones that are sold by zero-day brokers to governments,” he said. “That doesn’t include the ones that are sat on by organized criminals or hackers. There are 21 ways that I can execute code remotely on your Windows machines.”

Several of these vulnerabilities affect …

  • Page 1
  • Page 2
Tags: MSPs Best Practices RMM/PSA Security Strategy

Most Recent


  • New direction
    Deal to Buy Unify from Atos Seals New Direction for Mitel, CEO Explains
    The deal also includes a role for RingCentral.
  • Momentum
    Microsoft Security Now $20 Billion Business with 'Tremendous Momentum'
    One analyst says there's few legitimate obstacles in its path for further growth.
  • Intelisys Pre-AMP'd Marketing Forum
    Intelisys, Suppliers, Agents Take Aim at the Partner Marketing Gap
    Marketing is historically a second thought for the sales-focused world of technology advisors.
  • Layoffs
    IBM and SAP Are the Latest to Announce Layoffs, SAP to Shop Qualtrics
    IBM Will Cut 3,900 employees, while SAP plans to eliminate 3,000 jobs.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Globe security
    2021 SMB IT Security Report
  • Cyber threats cyber range
    Building a Cybersecurity Risk Assessment Plan
  • Again this may seem obvious but many developers are passionate about what they do and love to create their own systems This is fine if what is being developed is a part of the core business offering but a bespoke system that tracks employee vacation days Not the best way to spend development timeEvery company will have a different approach to the build versus buy dilemma but it is critical to focus on the things that customers want and that are going to make you money LaCour saysnbsp
    Employee Training: Cybersecurity 101
  • smb security
    Why SMBs, Not Just Large Businesses, are Targets for Cyber Attacks

Upcoming Events

View all

Channel Partners Conference & Expo

May 1, 2023 - May 4, 2023

Channel Partners Europe

June 13, 2023 - June 14, 2023

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Galleries

View all

Deal to Buy Unify from Atos Seals New Direction for Mitel, CEO Explains

January 26, 2023

Intelisys, Suppliers, Agents Take Aim at the Partner Marketing Gap

January 26, 2023

Ivanti: Everyone Should be Concerned About ChatGPT and Cybersecurity

January 25, 2023

Industry Perspectives

View all

Make the Most of the Gift of Time in 2023

January 25, 2023

Strong Partnerships Ease Challenging UPS Upgrade

January 24, 2023

The Advantages of Managed Networking and Security During Economic Uncertainty

January 5, 2023

Webinars

View all

Next-Generation MSP Platform: The Building Blocks for Your Business

February 15, 2023

Security Secrets of the MSP 501: How to Be a Cyber Leader in 2023

December 15, 2022
  • 1

Cybersecurity Certifications: Their Evolving Role in the Fight Against Increasing Attacks

December 13, 2022

White Papers

View all

Overcoming Your Endpoint Security Limitations with a Skeleton Crew

October 25, 2022

Embracing the Zero Trust Mindset For Endpoints

October 24, 2022

Endpoints are the Destination

October 24, 2022

Channel Futures TV

View all

Coffee with Craig and James Episode 117: Cato Networks, Video Killed the Podcast Stars

Retired Astronaut Capt. Scott Kelly Previews His CP Expo Keynote

December 21, 2022

Fusion Connect Eyes Future with Intrado UC, Managed Network Customers

September 23, 2022

RingCentral Focused on Hybrid Work, Microsoft Teams, Other Integrations

September 23, 2022

Twitter

ChannelFutures

The CEO of @Mitel discusses the likely outcomes of buying @Atos Unify. Note: @RingCentral will play a role post acq… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

.@msftsecurity surpasses $20 billion in annual revenue, analysts say it's a formidable #cybersecurity market conten… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

The adoption of cloud-based services ☁️ has spiked in the last few years and is among the top growth segments. See… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

[email protected], @NICECXone, @lumencpp, @CiscoPartners joined @IntelisysCorp and partners for a day of marketing worksho… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

.@IBM and @SAP announce #layoffs of thousands of employees dlvr.it/ShV2VY https://t.co/7QK1YqVpwa

January 26, 2023
ChannelFutures

#MSPs can boost #Channel business if they personalize the #DigitalExperience for partners, says @AvePoint.… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

Consider mental health in the context of DE&I. Create safe spaces where employees can feel comfortable being who th… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

.@GoIvanti's CSO says #ChatGPT poses numerous cybersecurity concerns. dlvr.it/ShRmdt https://t.co/n22RZ4PZaO

January 25, 2023

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X