RE: Kaseya

["Utz, Ralph" <rutz () realtime-it com>]

Well, from what I understand it gather's it's data by ping scanning the
network and referencing the results to it's database of PCs that it's
agent is installed on.  If there is an IP that isn't in the database
that comes up hot, it trys to access the IPC$ share I believe.  If it
can access it, it flags it as a Windows box and trys to install it's
agent on the device.  If not, it leaves it and moves on.  

Weaknesses that stand out to me are 2 things.  One being that depending
on how often you have the appliance set to scan and how old your network
gear is, it could flood your network.  Two being that in order to access
the IPC$ share on all the machines, you have to use a domain account
that has rights to install software on the machine.  Most times this
ends up with the MSP requiring a domain admin account because no one
wants to fool with delegating permissions.  

So in theory, you have an appliance that floods your network with pings
and possible clear txt attempts at using a domain admin account.  

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of M.B.Jr.
Sent: Saturday, May 24, 2008 2:01 PM
To: pen-test list
Subject: Kaseya

Hello list,
there's this infrastructure tool set for automating managed services,
named Kaseya (proprietary technology).

Basically, the managed-services-provider controls one of his customers'
remote LANs with two intercommunicating "appliances":

  * a Kaseya dedicated server located at the MSP data center; and

  * a "probe" equipment at the remote LAN.

The audit team to which I belong is about to examine the probe-featured
LAN.
Right now, we're researching whether this "solution" can cause the LAN
some weaknesses; the resulting research's report is going to shape the
logical tests.

So, the question is (I guess):
does anyone know of any Kaseya-enhanced LAN security
implication/vulnerability?

Thank you,
yours sincerely,


--
Marcio Barbado, Jr.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------



The information in this email and in any attachments is confidential and may be privileged.
If you are not the intended recipient, please destroy this message, delete any copies held
on your systems and notify the sender immediately. You should not retain, copy, or use this
email for any purpose, and any review or other use of this information by persons or
entities other than the intended recipient or any retransmission without the written consent
of the sender is expressly prohibited.



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------