Automate Server Best Practice Ticket
This document outlines the process of auditing and establishing hardening rules and policies for ConnectWise Automate servers based on the latest guidelines. It includes a detailed description of the variables involved, the processes executed, and the expected output, aimed at enhancing server security and compliance.
cPVAL Enable Reboot Prompts
Enables reboot prompts following TLS Hardening. Requires the Reboot Pending Prompt solution to be enabled in the environment.
cPVAL TLS Client Enabled
This stores the TLS Client Enabled state.
cPVAL TLS Hardening
Enables TLS hardening for workstations and servers. `Validate` identifies devices that require TLS hardening without making changes. `Enforce` applies hardening to devices flagged by Validate. `Validate` must be enabled for Enforce to work properly.
cPVAL TLS Server Enabled
This stores the TLS Server enabled.
cPVAL TLS SSL Hardening Required
This custom field is populated by the "Validate TLS SSL Hardening" script and flags devices that require TLS/SSL hardening to meet security best practices.
Enabled TLS Version Audit
This group shows the agents where the "TLS Enabled List Audit" script is executed to collect the enabled TLS versions audit list.
Enforce TLS SSL Hardening
This PowerShell script enforces TLS/SSL hardening by disabling insecure protocols (SSL 3.0, TLS 1.0, TLS 1.1) and removing specified weak TLS 1.2 cipher suites to strengthen system security and align with modern security standards.
Execute - Enforce TLS SSL Hardening - Servers
Triggers `Enforce TLS SSL Hardening` script on opted windows servers.
Execute - Enforce TLS SSL Hardening - Workstations
Triggers `Enforce TLS SSL Hardening`script on opted windows workstations.
Execute - Validate TLS SSL Hardening - Servers
Triggers `Validate TLS SSL Hardening` script on opted windows Servers.
Execute - Validate TLS SSL Hardening - Workstations
Triggers `Validate TLS SSL Hardening`script on opted windows servers.
Hardening ConnectWise Automate
This document outlines the best practices for hardening ConnectWise Automate, including user accounts, group policy edits, internet access considerations, and critical passwords. It also covers firewall settings and TLS configurations to enhance security.
Hardening ConnectWise ScreenConnect
This document outlines the best practices for hardening ConnectWise ScreenConnect, including user accounts, group policy edits, internet access considerations, and critical passwords. It also covers firewall settings and TLS configurations to enhance security.
TLS Client Enabled
This custom field stores the installed and enabled TLS Client versions on an endpoint.
TLS Enabled List Audit
This script gathers information about the TLS Client and Server protocol versions installed on an endpoint and stores the data in custom fields.
TLS Enabled List Audit
This PowerShell script shows the list of TLS servers, and client are enabled.
TLS Server Enabled
This custom field stores the installed and enabled TLS Server versions on an endpoint.
TLS Version Audit
This solution is built to audit the TLS version audit.
TLS Version Audit
This solution is built to audit the tls version audit.
TLS/SSL Security Hardening
This solution validates and hardens the system`s SSL/TLS configuration by disabling insecure protocols and weak cipher suites while enabling secure protocols and supporting optional reboot management.
Validate TLS SSL Hardening
This script validates that insecure protocols (SSL 3.0, TLS 1.0, TLS 1.1) and specified weak cipher suites are disabled at both the server and client levels on the system, while ensuring TLS 1.2 and TLS 1.3 are enabled when supported, providing a clear PASS/FAIL status without making any changes.