MeshCentral2 - Let's Encrypt & Security Improvements

As MeshCentral is being used by some as an internet facing server, it's important that as many industry standard security features be implemented. In the past weeks, MeshCentral and MeshCommander got more releases to continue to move security forward. From improved Let's Encrypt support to MeshCommander support for two-factor authentication, a lot of improvements have been made. Here is a list of the big ones:
  • GreenLockv3 support. MeshCentral has built-in support for getting and auto-renewing TLS certificates using Let's Encrypt which is a free CA service for web servers. Let's Encrypt updated it's validation protocol and is dropping support for the old protocol on December 1st requiring that everyone move to the new version. In the last week MeshCentral switched to using GreenLock v3 and made improvements. For example, MeshCentral will first try to get a Let's Encrypt staging certificate to test that everything is working before getting a production one.
  • Invalid Login Rate Throttling. When exposed to the Internet, attackers can spam a server with login requests, to guard against this, MeshCentral now implements a system where if many bad login attempts are made, the source IP address will be banned for a period of time, blocking any login attempts. The extra values are configurable.
  • Invalid Login Events & Notification. Bad login attempts are now logged and when a user logs in the next time, they will get a notification of how many invalid login attempts where made against their account. This includes login using a bad password or bad 2nd-factor attempts.
  • MeshCommander Support for 2nd Factor Auth. When MeshCommander connects to a MeshCentral server, the latest version will now prompt for the 2nd factor token if required by the server. This allows MeshCommander to correctly login to accounts with two-factor authentication enabled.
  • Improved MeshCentral Tracing Support. In order to help the community debug issues, there is now an improved tracing system that can be used to select what events you are interested in looking at and where you want to see them. You can now log select events to file in addition to looking at events in real-time on the web interface.
In addition to this, MeshCommander v0.8.0 was released last week with many more bug fixes and feature improvements. They include support for OS power states on Intel AMT 10+, drag & drop fixes, user interface fixes and much more. There are a bunch of people from the community that have helped a lot in the last two weeks, especially with testing and debugging GreenLockv3 & Let's Encrypt. Really super amazing that some are going above and beyond to help out. Thank you.

Enjoy,
Ylian
Twitter: https://twitter.com/meshcentral
Reddit: https://www.reddit.com/r/MeshCentral/
GitHub: https://github.com/Ylianst/MeshCentral/issues
MeshCentral2: http://www.meshcommander.com/meshcentral2












Popular posts from this blog

Starting work at Microsoft

Image
Hi everyone. It’s been a while since the last blog post and I wanted up update everyone on what is going on. As many of you know already from a discussion on GitHub , Bryan and I have been laid-off from Intel in early November 2022. This was quite a surprise as MeshCentral, MeshCommander, MeshCMD and other tools where widely used. This said, Intel has been having poor financials and Bryan and I where part of a very large first wave of downsizing by the company that involved many people that I know and worked with for a long time. I had been working for Intel for over 25 years having started in September 1998. Over the years I worked on IPsec key negotiation, Universal Plug & Play, DLNA and Intel® AMT. I loved working on all these projects and especially loved working with the open-source community on Mesh projects. Obviously, this was not my decision and Bryan and I had look for what comes next. One option was to continue working on MeshCentral as part of another company or with
Read more

MeshCentral - Windows ARM64, NodeJS v11, NPM Packages

Image
Hi all. It's been a while since I last posted and now that I am settling a bit more in my work at Microsoft, I have a bit of time to occasionally look after MeshCentral again. It's about time, there where a bunch of things that needed to get fixed. Before that, I want to say that I am doing great. I am working on Microsoft Forms which is one of the offerings of Microsoft 365. For kicks, I started a YouTube channel on Microsoft Forms here during a Microsoft hacking week. I tried to up my game since the videos I last published for MeshCentral. Also, I wanted to share pictures below. I was at a Tesla Supercharger last weekend and, by luck, got to see a Tesla Cybertruck in person. It's very big. Obviously, this is a release candidate driven by a Tesla employee. I saw it after attempting to see the solar eclipse over Oregon, but sadly, too many clouds and saw nothing. In any case, back to MeshCentral. In the last few months a few things have happened with the new releases. Wind
Read more

MeshCentral - New Windows Agents - Installation Dialog, Customization and Server Lock

Image
Lots is going on with MeshCentral, just yesterday Bryan Roe released a new MeshAgent for Windows with many improvements. An improved installation dialog box, logo customization and, to continue MeshCentral’s leadership in security, a new agent code signing locking feature that will surely be used by many to improve trust and security of their MeshCentral installation. In addition to this, we have many more server improvements to cover. In detail: MeshAgent with improved installation dialog box . The new MeshAgent for Windows is much improved with months of changes and bug fixes. The most noticeable feature is by far the new installation dialog with the new logo and connection details button. The new installer is a lot friendlier and easier on end-users. MeshAgent with improved customizations . In addition to all the existing agent customizations available in prior versions, the MeshAgent has new server settings for the installation text and logo. You can now set your own 200x200 PNG c
Read more