|
|
|
|
We designed the system with comprehensive security throughout. Our design team brings over 50 years of experience designing secure systems for government and commercial applications. We applied this experience to uniquely combine ease of use with high security.
The platform’s architecture is central to providing maximum security. The agent initiates all communications back to the server. Since the agent will not accept any inbound connections, it is virtually impossible for a third party application to attack the agent from the network. The system does not need any input ports opened on the managed machines. This lets the agent do its job in virtually any network configuration without introducing any susceptibility to inbound port probes or new network attacks. VSA also creates a certificate to authenticate agents.
The VSA protects against man-in-the-middle attacks by encrypting all communications between the agent and server with AES 256 using a key that rolls every time the server tasks the agent. Typically at least once per day. Since there are no plain-text data packets passing over the network, there is nothing available for an attacker to exploit.
Users access the VSA through a web interface after a secure logon process. The system never sends passwords over the network and never stores them in the database. Only each user knows his or her password. The client side combines the password with a random challenge, issued by the VSA server for each session, and hashes it with SHA-256. The server side tests this result to grant access or not. The unique random challenge protects against a man-in-the-middle attack sniffing the network, capturing the random bits, and using them later to access the VSA.
Kaseya uses TLS for all secured HTTP and WebSocket connections. See the following security related topics for more information: