Managing roaming users from a central point has always been daunting. Enterprises found it easy when they had to manage devices inside a network. Having firewalls on either side of the boundaries and restricting susceptible APIs and network packets, businesses found it convenient to manage their devices.
Is this a realistic scenario today?
Enterprises are evolving. Work patterns have shifted towards modern approaches, and hybrid work is now the encouraged mode of working. In such scenarios, businesses must deal with devices that are connected via the internet. And the internet has become a dangerous place now that cyberattacks are increasing in frequency and scope.
In the past, a man-in-the-middle (MITM) attack was the most common approach for stealing an organization’s data and eroding its reputation.
Do you think you’re protected from MITM attacks?
When your device connects to a server exposed to the internet, the chance of a MITM attack, and a subsequent data breach, is greatly increased.
Odds are you will need to manage some devices over the internet. A question arises here: How do you manage those devices effectively or securely? Enforcing the right security policies in the right place will help you overcome this issue. ManageEngine Endpoint Central (formerly Desktop Central) offers a security solution to prevent these types of attacks. Endpoint Central comes with a component called the Secure Gateway Server that aids in the management of devices over the internet.
The Secure Gateway Server will ensure that the communication between the Endpoint Central Server and devices over the internet takes place securely, with all security protocols intact. This initiative aims to give our users the confidence that the maximum security standards are enforced while they manage devices over the internet.
Situations where the Secure Gateway Server will come in handy
The Secure Gateway Server can be used when you have devices to be managed in a different location or you have devices that connect to the Endpoint Central Server via the internet. A few possibilities where communication takes place via the internet are:
- When hybrid work culture is encouraged.
- When your managed devices are carried to different places.
- When your organization has a remote office or multi-office setup.
- When you want to manage mobile devices.
The Secure Gateway Server is recommended for businesses that encourage employees to work remotely or change locations frequently. When a device moves out of your local network, it enters the open internet. If not properly managed, this device may turn out to be a threat.
Recent cybersecurity attacks show that most attacks stem from leveraging third-party or unknown APIs to carry out communication between the devices in your network. The Secure Gateway Server allows you to approve APIs, protecting your enterprise from threats.
Secure Gateway Server: An overview
The Secure Gateway Server is a security component placed between the Endpoint Central Server and the agents or the Distribution Server. It acts as an intermediate server that transfers requests from clients to the Endpoint Central Server.
The Endpoint Central Server is placed inside a private network, where connections are bound by firewalls and protocols. If an external device wants to make a connection with a server placed inside this network, it must go through the Secure Gateway Server.
It is not mandatory to send requests to the Secure Gateway Server, but if you wish to manage external devices securely, you should mount the Secure Gateway Server.
The workings of the Secure Gateway Server
The Endpoint Central Server, being a vital component, cannot be placed as an edge device or exposed to the internet. To protect this server, the Secure Gateway Server is exposed to the internet instead. Requests from the agents are forwarded to the Endpoint Central Server by the Secure Gateway Server. Besides this, the Secure Gateway Server filters the requests to ensure no malicious communication happens via the internet, helping to minimize downtime.
With this setup, securely managing devices over the internet is easy.
Secure Gateway Server architecture
The Secure Gateway Server is located inside a demilitarized zone, or DMZ. When an agent initiates a request, the network packets reach the Secure Gateway Server via the internet. Inside the DMZ, the Secure Gateway Server qualifies the received request and ensures that it is true and valid. Once validation is done, the Secure Gateway Server forwards the request to the Endpoint Central Server. The response is also carried forward through the Secure Gateway Server. The Secure Gateway Server will also make sure that requests from roaming users reach the Endpoint Central Server.
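The validate-then-forward step described above, as an added Python example (not ManageEngine's code or configuration): a deny-by-default check that normalizes the request path before matching it against approved APIs. The API paths, the internal address, and the function names are hypothetical.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Assumed values for illustration only: the page does not list the product's
# API paths or addresses.
INTERNAL_SERVER = "https://10.0.0.10:8443"   # private address of the management server (constructed)
APPROVED_APIS = {                            # (method, path prefix) pairs the admin approved (hypothetical)
    ("POST", "/agent/status"),
    ("GET", "/agent/policy"),
    ("GET", "/agent/patches/"),              # trailing slash = anything under this prefix
}

def normalize_path(raw_path):
    """Decode and collapse the path once so '..' or '%2e%2e' cannot slip past the allowlist."""
    decoded = unquote(raw_path)
    if "\x00" in decoded or "\\" in decoded or "%" in decoded:
        return None                          # NUL, backslash or double encoding: reject
    clean = posixpath.normpath(decoded)
    if decoded.endswith("/") and clean != "/":
        clean += "/"                         # keep the trailing slash for prefix rules
    return clean if clean.startswith("/") else None

def route(method, url):
    """Return the internal URL to forward to, or None to drop the request (deny by default)."""
    parts = urlsplit(url)
    if parts.scheme != "https":              # agents on the internet must use TLS
        return None
    path = normalize_path(parts.path)
    if path is None:
        return None
    for ok_method, prefix in APPROVED_APIS:
        if method != ok_method:
            continue
        exact = not prefix.endswith("/") and path == prefix
        under = prefix.endswith("/") and path.startswith(prefix)
        if exact or under:
            query = "?" + parts.query if parts.query else ""
            return INTERNAL_SERVER + path + query
    return None                              # anything not explicitly approved is dropped
```

Matching happens on the normalized path, and the same normalized path is what gets forwarded, so the gateway and the internal server cannot disagree about which API was requested.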
The Secure Gateway Server supports AS2, FTP, FTPS, HTTP, HTTPS, SFTP, and SCP. It is also equipped with firewalls that govern the communication. The number of firewalls determines the level of security. In general, dual firewalls are utilized to achieve minimum downtime and maximum efficiency.
In a single-firewall architecture, only one firewall is placed between the Secure Gateway Server and the external network.
For a dual-firewall architecture, two firewalls are placed between the Secure Gateway Server and the external network.
With this series of security components in place, it’s easier for IT admins to manage their organization’s roaming users that connect via the internet.
Prerequisites for the Secure Gateway Server
The Secure Gateway Server runs on the Windows operating system and can be mounted on a dedicated machine. To achieve communication, the admin must map the Endpoint Central Server’s private IP address to the Secure Gateway Server’s public address. This mapping is done to forward requests from the agent to the Endpoint Central Server. A detailed procedure on how to configure the Secure Gateway Server in your network is available on our website.
With the Secure Gateway Server, IT admins can manage their roaming devices from a single console more effectively and securely. To get hands-on experience with the Secure Gateway Server, try the 30-day trial of Endpoint Central for free.