Securing MOM Without Active Directory
If you are installing MOM in an environment that does not implement Active Directory or that does not implement trust relationships, mutual authentication cannot be used. MOM still encrypts traffic between the Management Servers and the agents on the managed computers, but it cannot authenticate the agents. As a result, an attacker can pose as, or use, an agent to receive encrypted data and then decrypt that data.
You can use an additional security method, such as IPSec, to secure communications between MOM Management Servers and agents. You can require IPSec signing and encryption between the IP address of the Management Server and the IP addresses of the agents. Alternatively, you can require IPSec encryption between the IP address of the Management Server and all traffic over a subnet that includes the agents. For more information about IPSec, see the "Using Additional Security" section in this guide.
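
One way to express the first option above (signing and encryption between the Management Server and one agent) in the netsh ipsec static context; this is an added example, not part of the original guide. The addresses, policy names and CA name are constructed placeholders, and certificate authentication is an assumption chosen because Kerberos is unavailable without Active Directory.

```batch
@echo off
rem Added example: run on the Management Server, then apply a matching
rem policy on the agent. All values below are constructed placeholders.
set MS_IP=192.0.2.10
set AGENT_IP=192.0.2.50
set ROOT_CA=CN=Example Standalone Root CA

rem 1. Create the policy container.
netsh ipsec static add policy name="MOM-IPSec" description="Secure MOM server/agent traffic"

rem 2. Match all IP traffic between the two hosts, in both directions.
netsh ipsec static add filterlist name="MOM-Server-Agent"
netsh ipsec static add filter filterlist="MOM-Server-Agent" srcaddr=%MS_IP% dstaddr=%AGENT_IP% protocol=ANY mirrored=yes description="Management Server to agent"

rem    Subnet variant from the text (server to every host on the agents' subnet):
rem    netsh ipsec static add filter filterlist="MOM-Server-Agent" srcaddr=%MS_IP% dstaddr=192.0.2.0 dstmask=255.255.255.0 protocol=ANY mirrored=yes

rem 3. Require ESP with encryption and integrity (signing).
rem    soft=no and inpass=no forbid any fallback to unsecured traffic.
netsh ipsec static add filteraction name="MOM-Require-ESP" action=negotiate inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]"

rem 4. Bind filter and action in a rule. kerberos=no because there is no
rem    Active Directory; peers authenticate with certificates from ROOT_CA.
netsh ipsec static add rule name="MOM-Server-Agent-Rule" policy="MOM-IPSec" filterlist="MOM-Server-Agent" filteraction="MOM-Require-ESP" kerberos=no rootca="%ROOT_CA%"

rem 5. Activate the policy on this computer and review the result.
netsh ipsec static set policy name="MOM-IPSec" assign=y
netsh ipsec static show policy name="MOM-IPSec" level=verbose
```

With soft=no, traffic between the two hosts fails until both sides have the policy assigned and hold a certificate that chains to the same root CA, so apply the agent-side policy before assigning this one in production.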