Penetration Testing mailing list archives

RE: Kaseya


From: "Kevin Reiter" <KReiter () insidefsi net>
Date: Tue, 27 May 2008 10:24:21 -0400

If it's an MSP using Kaseya, the "appliance" is probably a server for storing backup images, since Kaseya doesn't use 
any appliances.

The Kaseya agent (software installed on the target machines to be monitored as part of the service) talks to the server 
located in the MSP's datacenter using 256-bit encryption with rolling keys.

See http://www.kaseya.com/technology/security.php for more info.



-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]On Behalf Of Shenk, Jerry A
Sent: Sunday, May 25, 2008 4:24 PM
To: M.B.Jr.; pen-test list
Subject: RE: Kaseya


I've often wondered about those types of appliances but I've never been
charged with actively checking them out.  I'd want to put sniffers on
any interfaces to collect the probe traffic and the traffic with the MSP
data center.  It seems that there are a fair number of issues that could
be rather dangerous.

What are the ramifications of a competitor getting the same appliance
from the same MSP?  What would happen if they'd take the box off-line
for a bit and boot it from a CD...maybe open it up, image the drive and
then put it back on-line?

Obviously, there needs to be a fair amount of trust when dealing with an
MSP and quite honestly, it's no different than dealing with a vendor who
has VPN access to manage their device...in all reality, there are a lot
of issues like this that people either don't think through or they just
decide to accept the risk.  But, with these MSP appliances, often, it's
not an acceptance of the risk but more a denial or ignorance that one
exists.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of M.B.Jr.
Sent: Saturday, May 24, 2008 3:01 PM
To: pen-test list
Subject: Kaseya

Hello list,
there's this infrastructure tool set for automating managed services,
named Kaseya (proprietary technology).

Basically, the managed-services-provider controls one of his
customers' remote LANs with two intercommunicating "appliances":

  * a Kaseya dedicated server located at the MSP data center; and

  * a "probe" equipment at the remote LAN.

The audit team to which I belong is about to examine the probe-featured
LAN.
Right now, we're researching whether this "solution" can cause the LAN
some weaknesses;
the resulting research's report is going to shape the logical tests.

So, the question is (I guess):
does anyone know of any Kaseya-enhanced LAN security
implication/vulnerability?

Thank you,
yours sincerely,


-- 
Marcio Barbado, Jr.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes 
in Securing Web Applications  
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------



