Penetration Testing mailing list archives
Re: [Fwd: Re: [SMBManagedServices] Re:[Fwd: Kaseya]]
From: "M.B.Jr." <marcio.barbado () gmail com>
Date: Tue, 27 May 2008 11:31:49 -0300
Jason Paquette wrote:Marcio, These questions are very easily answered by Kaseya's sales team whom has documentation to answer this. The short answer is it is incredibly secure...
Wooow! LOL A code one can't see and notably, one can trust! That is so amazing!
The original agent/server architecture was designed as an encryption key manager for the National Security Agency.
Well you know, all this remote dumping thing sort of reminds me of ECHELON, as a matter of fact. =) Nonetheless, I must ask you for trustable/probative references and sources, please. Academic ones, most preferably.
The agent uses an outbound connection only, so no open ports into the customer's firewall. The agent opens an encrypted tunnel back to your server using 256bit encryption with a rolling key. The connection is extremely low overhead, taking up only a few KB of bandwidth. The Kaseya framework is in use by Federal, State, and Local governments around the world, as well as by the US Military... and of course by corporate IT departments and managed services providers. And to avoid confusion; Kaseya is not appliance-based. It is entirely software based. It is installed on one Windows Server at the home office/datacenter (not on a server at each site, only one server total). A small software agent is installed on each device (Windows or Mac) to be managed. All that is required is an outbound Internet connection from the agent (no VPNs or inbound firewallports). For additional product information, your best resource is to contact Kaseya directly... No one knows the product better than they do. If you want to know how we as managed services providers use it in our businesses, I'm sure we'll be happy to share. JASON PAQUETTE | COO BUSINESS TECHNOLOGY GROUP, LLC. Phone: 425.947.4860 ext. 101 Email: Jason () BusinessTG com<mailto:Jason () BusinessTG com> Web: www.BusinessTG.com<http://www.BusinessTG.com>
See Jason, I googled for site:nsa.gov kaseya and nothing happened; and, believe me, by the time I expanded the googling for site:gov kaseya besides grabbing a lot of Kaseya-named men, the only relevant (if so) information we got was the following file at the NIST's domain: csrc.nist.gov/publications/nistpubs/800-40-Ver2/SP800-40v2.pdf In its 72 pages, Kaseya's briefly mentioned (among many others) in the 62nd page (only) as a patch management software. On 5/25/08, Susan Bradley <sbradcpa () pacbell net> wrote:
His job is to confirm that it's secure, not take the word of the vendor.
Dear Susan, that's correct. Thank you, -- Marcio Barbado, Jr. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Find out now! Get Webinar Recording and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Re: [Fwd: Re: [SMBManagedServices] Re:[Fwd: Kaseya]] M.B.Jr. (May 28)