Re: Kaseya



Dear Jerry,


On 5/25/08, Shenk, Jerry A <jshenk@xxxxxxxxxxxxxxxxxxxx> wrote:
Obviously, there needs to be a fair amount of trust when dealing with an
MSP and quite honestly, it's no different than dealing with a vendor who
has VPN access to manage their device...in all reality, there are a lot
of issues like this that people either don't think through or they just
decide to accept the risk.


Indeed.
My suggestion:
read the book "DOES IT MATTER?" by Nicholas G. Carr

and understand how we got to this uncomfortable point.


Best regards,



-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of M.B.Jr.

Sent: Saturday, May 24, 2008 3:01 PM
To: pen-test list
Subject: Kaseya


Hello list,
there's this infrastructure tool set for automating managed services,
named Kaseya (proprietary technology).

Basically, the managed-services-provider controls one of his
customers' remote LANs with two intercommunicating "appliances":

* a Kaseya dedicated server located at the MSP data center; and

* a "probe" equipment at the remote LAN.

The audit team to which I belong is about to examine the probe-featured
LAN.
Right now, we're researching whether this "solution" can cause the LAN
some weaknesses;
the resulting research's report is going to shape the logical tests.

So, the question is (I guess):
does anyone know of any Kaseya-enhanced LAN security
implication/vulnerability?

Thank you,
yours sincerely,


--
Marcio Barbado, Jr.


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------






--
Marcio Barbado, Jr.

"In fact, companies that innovate on top of open standards are
advantaged because resources are freed up for higher-value work and
because market opportunities expand as the standards proliferate."
Scott Handy
Vice President Worldwide Linux and Open Source, IBM



