Security Basics mailing list archives
RE: Vendor wants remote control of our Servers and Workstations
From: "Michael Parker" <mparker () rim net>
Date: Thu, 6 Mar 2003 13:37:24 -0500
WOW! I'm with you...even if the vendor has the best of intentions this could cause a lot of trouble. Admittedly you can secure the wazoo out of this from a technological standpoint, but far more concerning would be human equation. You might want to hit them up with a ton of legal documentation and liability insurance as well as make sure that they can meet/excced the standards you hold for your own employees that "touch" the servers in question. Might not be a bad idea to talk to your legal department about this. Even if approved you might want to create a strict policy outlining specifically what they can and can't do, and recourse if they overstep their boundries. Cheers, Michael -----Original Message----- From: tony tony [mailto:tonytorri () yahoo com] Sent: March 5, 2003 10:17 PM To: security-basics () securityfocus com Subject: Vendor wants remote control of our Servers and Workstations Folks We have an outside vendor (StellarRAD) that wants to come into our network (via VPN) and use pcAnywhere to maintain his software on 5 production servers. Vendor wants to also use a product like Blue Ocean to remotely control our workstations to help users with software problems (ie software is complex)or for trouble shooting. Blue Ocean software allows bi-directional file transfers and chat between the vendor and work stations. I approve all tickets for firewall changes. I told our firewall and network people that this ticket just does not *smell right* and I will conduct some research on the security issues. As always, the vendor/network/firewall people are putting the heat on to me to approve the ticket ASAP. In your opinion what are all the security issues? What should I recommend as a more secure way for 1) the vendor to access the StellarRAD production servers remotely and 2) help our users? ===== Tony Torri CISSP, CISA, CDP, CIA Senior IS Security & Risk Manager 360.906.7893 (Work) Northern Telecom LLP __________________________________________________ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/
Current thread:
- Vendor wants remote control of our Servers and Workstations tony tony (Mar 06)
- RE: Vendor wants remote control of our Servers and Workstations Patrick S. Harper - CISSP (Mar 07)
- RE: Vendor wants remote control of our Servers and Workstations Burton M. Strauss III (Mar 07)
- Re: Vendor wants remote control of our Servers and Workstations David M. Fetter (Mar 07)
- <Possible follow-ups>
- RE: Vendor wants remote control of our Servers and Workstations Michael Parker (Mar 07)
- Re: Vendor wants remote control of our Servers and Workstations James Lee Gromoll (Mar 07)
- RE: Vendor wants remote control of our Servers and Workstations John Brightwell (Mar 10)
- RE: Vendor wants remote control of our Servers and Workstations Glenn English (Mar 11)
- RE: Vendor wants remote control of our Servers and Workstations Paul Carroll (Mar 17)