Client-server Authentication

by Apr 8, 2009


I'm relatively new to using uptime and I have a basic question regarding client-server authentication.

I install a client on a W2K3 client server box. No problem. I then go to the uptime server and add the client server in as a managed client. I noticed that at no point does it ask me to authenticate against the client server I'm adding. I am then able to monitor pretty much any service, restart them if they fail etc with Action Profiles all from the uptime server. The client application on the client server is running as a system level process.

So my question is – what is stopping a hacker from opening an unauthenticated connection to my servers and taking control of them through the uptime port/protocol? Is the security of my servers now dependent on a firewall rule I will need to roll out across the entire enterprise? If so, is there any intention to implement some sort of inbuilt security between uptime clients and their managing server?