Posted on 05-08-2018 08:06 AM
I've been working internally to move to HTTPS file sharing (vs AFP) for software deployment. We've had discussions with JAMF in the past around security for package deployment, and it looks like there's not been much change from the JAMF side (as confirmed by support). From a security perspective, our InfoSec aligns with the financial industries. Is there anyone out there in heavily regulated/secured industries that has enabled HTTPS file sharing? the only option according to JAMF is basic auth for security and that's a big no-no around here.
From our POV, the flags are:
TIA
Posted on 05-08-2018 12:51 PM
I have directory browsing turned off with password authentication turned on for my server. So if someone visits https://myjss.myjss.com they get a login prompt. Because it is https the credentials are encrypted vs plain text. For me, this is enough. At the end of the day your url isn't "guessable" at all. It's very public. Do a DNS lookup on yourself and you'll see all your domains/subdomains along with open ports.
https://dnsdumpster.com/
At the end of the day, you can never 100% stop a breach. You can only deter someone enough to stop them from trying.
Posted on 05-08-2018 02:04 PM
I’d love more options for auth.
We host our own CDN for the jamf instances we host & Basic Auth is the best we can offer currently due to this.