Management software and security

by Mitch Tulloch [Published on 28 Sept. 2005 / Last Updated on 28 Sept. 2005]

Which kind of management software is more secure, agent-based or agentless?

Which kind of management software is more secure, agent-based or agentless? I vote for agentless software for one simple reason: less risk of a service account dependency creating an unexpected vulnerability in your network. Generally, if you're using an agent-based management platform you must have admin credentials on all the systems being managed, and this creates what's called a service account dependency, see my blog for more info on this problem. In other words, if the account used to run your management software is somehow compromised, then every system this software managed is effectively compromised also. So my preference is for agentless management software as it's inherently more secure, and usually a lot easier to deploy as well!

Featured Links