That’s actually reminds me - wouldn’t it be neat if there was an actual “BigFix Security Checklists” that actually checks whether recommended security settings on both clients/relays/root server/copliance server/BFI server/plugin server/webui server/etc are being checked against “recommended” security configurations? Stuff like:
- Are certificates available for all machines?
- Are relay authentication configured?
- Are operator pwd complexity set-up/enforced?
All-in-all, how secure are BigFix products themselves… As a tool of such power and ability to track compliance for everything else, the fact that there is no easy way to keep track of its internal one, especially with the amount of new functionality/security settings/etc (several “warning fixlets” from a lot of years ago do not seem enough to me).