Educause Security Discussion mailing list archives

Re: Vendor Server Access

From: Jeff Kell <jeff-kell () UTC EDU>
Date: Fri, 24 Sep 2010 12:19:43 -0400

 On 9/24/2010 11:37 AM, Abreu, Jose A wrote:


We are in the process of setting up new guidelines on how vendors access our servers
as well as application owners.  Can you share any insight on how your institution is
handling this?


We require the vendor to give us a static IP (or verifiable subnet) where they will be
doing their remote support, and provide pinhole firewall exceptions for them to the
designated server.  This gives us flow logs, inspection, IPS/IDS, etc like any other
traffic.

In a few isolated cases we have done VPN, but our current VPN is not as "finely
granular" as I would like for vendor access cases.

Jeff

Current thread:

Vendor Server Access Abreu, Jose A (Sep 24)
- Re: Vendor Server Access Julian Y. Koh (Sep 24)
- Re: Vendor Server Access Alex Keller (Sep 24)
- Re: Vendor Server Access Greene, Chip (Sep 24)
- Re: Vendor Server Access Jeff Kell (Sep 24)
  - Re: Vendor Server Access Bradley, Stephen W. Mr. (Sep 26)
- Re: Vendor Server Access Hugh Burley (Sep 24)