Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: Kaseya

Re: Kaseya

From: M.B.Jr. <marcio.barbado_at_gmail.com>
Date: Tue, 27 May 2008 09:12:56 -0300

Dear Dante,
thank you for this elucidation.

The MSP-side resembles a Unix-like Syslog functionality, when it works
with netdump "agents" (installed in remote hosts).

Thank you,

On 5/24/08, Dante Lanznaster <dantecl_at_gmail.com> wrote:
> We use Kaseya monitoring at our company (MSP) and the way it works is:
>
> - 1 server with the Kaseya main center at our facility
> - each monitored device (desktop or server) has an agent installed.
>
> There is no need to open any ports on the customer side. The agent pokes out
> to the internet and makes a connection with the data center. There is only
> one port that needs to be opened on the firewall at the data center. So far
> haven't heard of any vulnerabilites involving Kaseya.
>
>
> On Sat, May 24, 2008 at 12:01 PM, M.B.Jr. <marcio.barbado_at_gmail.com> wrote:
> >
> > Hello list,
> > there's this infrastructure tool set for automating managed services,
> > named Kaseya (proprietary technology).
> >
> > Basically, the managed-services-provider controls one of his
> > customers' remote LANs with two intercommunicating "appliances":
> >
> > * a Kaseya dedicated server located at the MSP data center; and
> >
> > * a "probe" equipment at the remote LAN.
> >
> > The audit team to which I belong is about to examine the probe-featured
> LAN.
> > Right now, we're researching whether this "solution" can cause the LAN
> > some weaknesses;
> > the resulting research's report is going to shape the logical tests.
> >
> > So, the question is (I guess):
> > does anyone know of any Kaseya-enhanced LAN security
> implication/vulnerability?
> >
> > Thank you,
> > yours sincerely,
> >
> >
> > --
> > Marcio Barbado, Jr.
> >
> >
> ------------------------------------------------------------------------
> > This list is sponsored by: Cenzic
> >
> > Top 5 Common Mistakes
> > in Securing Web Applications
> > Find out now! Get Webinar Recording and PPT Slides
> >
> > www.cenzic.com/landing/securityfocus/hackinar
> >
> ------------------------------------------------------------------------
> >
> >
>
> 

-- 
Marcio Barbado, Jr.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes 
in Securing Web Applications  
Find out now! Get Webinar Recording and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Received on May 28 2008
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos