Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: [Fwd: Re: [SMBManagedServices] Re:[Fwd: Kaseya]]

Re: [Fwd: Re: [SMBManagedServices] Re:[Fwd: Kaseya]]

From: M.B.Jr. <marcio.barbado_at_gmail.com>
Date: Tue, 27 May 2008 11:31:49 -0300

> Jason Paquette wrote:
> > Marcio,
> >
> > These questions are very easily answered by Kaseya's sales team whom has
> > documentation to answer this. The short answer is it is incredibly
> > secure...

Wooow! LOL
A code one can't see and notably, one can trust!
That is so amazing!

> > The original agent/server architecture was designed as an
> > encryption key manager for the National Security Agency.

Well you know,
all this remote dumping thing sort of reminds me of ECHELON, as a
matter of fact. =)
Nonetheless, I must ask you for trustable/probative references and
sources, please. Academic ones, most preferably.

> > The agent uses an
> > outbound connection only, so no open ports into the customer's firewall.
> > The agent opens an encrypted tunnel back to your server using 256bit
> > encryption with a rolling key. The connection is extremely low overhead,
> > taking up only a few KB of bandwidth. The Kaseya framework is in use by
> > Federal, State, and Local governments around the world, as well as by the US
> > Military... and of course by corporate IT departments and managed services
> > providers.
> >
> > And to avoid confusion; Kaseya is not appliance-based. It is entirely
> > software based. It is installed on one Windows Server at the home
> > office/datacenter (not on a server at each site, only one server total). A
> > small software agent is installed on each device (Windows or Mac) to be
> > managed. All that is required is an outbound Internet connection from the
> > agent (no VPNs or inbound firewallports).
> >
> > For additional product information, your best resource is to contact
> > Kaseya directly... No one knows the product better than they do. If you
> > want to know how we as managed services providers use it in our businesses,
> > I'm sure we'll be happy to share.
> >
> > JASON PAQUETTE | COO
> > BUSINESS TECHNOLOGY GROUP, LLC.
> > Phone: 425.947.4860 ext. 101
> > Email: Jason_at_BusinessTG.com<mailto:Jason_at_BusinessTG.com>
> > Web: www.BusinessTG.com<http://www.BusinessTG.com>

See Jason, I googled for

site:nsa.gov kaseya

and nothing happened;
and, believe me, by the time I expanded the googling for

site:gov kaseya

besides grabbing a lot of Kaseya-named men,
the only relevant (if so) information we got was the following file at
the NIST's domain:

csrc.nist.gov/publications/nistpubs/800-40-Ver2/SP800-40v2.pdf

In its 72 pages, Kaseya's briefly mentioned (among many others) in the
62nd page (only) as a patch management software.

On 5/25/08, Susan Bradley <sbradcpa_at_pacbell.net> wrote:
> His job is to confirm that it's secure, not take the word of the vendor.

Dear Susan,
that's correct.

Thank you, 

-- 
Marcio Barbado, Jr.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes 
in Securing Web Applications  
Find out now! Get Webinar Recording and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Received on May 28 2008
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos