Skip to content

How can we improve the SMA?

← KACE Systems Management Appliance (SMA)

Disable server-status page

Currently if you go to the SMA site page /server-status (kbox.domain.com/server-status) it will tell you that access is denied due to a lack of permissions. There should be an option to completely disable this page from visibility. This is most important to customers like us who host the appliance externally. Attackers could scan our domain and see that there is an Apache server active at the address and could plan a more focused attack against it.

We only host our appliance externally so that workers with endpoints at home and abroad are able to still be managed by the SMA. We do not allow for external connections to log in to the web console.

1 vote
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Gregg shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Andy Flesner commented  ·   ·  Report

    If you host your appliance externally for endpoints only, then you can completely block UI access by utilizing the new external agent listening port in SMA 11.0.

    To clarify, we did lock down the server-status page in 10.1, but it will still return a 403 permission denied error. It is not accessible by any UI user, not even administrators.

KACE Systems Management Appliance (SMA): Security

Categories

Feedback and Knowledge Base

(thinking…)