Abusing FOG as RMM (with public access)?


  • Hello,

    we are using FOG for normal deployments right now (for a few days), but since the agent is able to deploy software and run scripts on the machines, we also abuse it as a RMM for software deployment and script executions.

    Since some machines are going in home offices, or used in public networks, or get stolen, we think about, making the FOG Server accessible from external, so that these machines also can connect to the Server, and get software, or a remote wipe.

    But the question is, is FOG safe to use, with an external connection?
    Is it built for scenarios like this, or is it better to use it only with an active VPN? But in this case, remote wipe would be impossible.

    I’m sorry if there is already a thread like this, I wasn’t able to find it, also the wiki wasn’t a 100% answer for me.

    Thank you!

  • Moderator

    @suzabi said in Abusing FOG as RMM (with public access)?:

    Is it built for scenarios like this, or is it better to use it only with an active VPN? But in this case, remote wipe would be impossible.

    FOG was not designed with that scenario in mind. I would not suggest to run a FOG server facing the internet unless you know what you do - being able to secure the whole setup.

    I don’t think remote wipe will work because it needs PXE boot to start into such a task and it’s very unlikely someone sets things up in their own network after stealing a device.

    Using FOG behind a VPN is good practice if you have different locations. But you might think about using separate FOG servers as well because imaging across the internet can be a pain if connection speed is limited.

261
Online

9.5k
Users

15.9k
Topics

147.5k
Posts