Of course the age-old problem with security is that
the access restriction can impact on usability or
support.
If you go ahead with the proposed solution then the
Vendor has significant access to your internal
network.
How much do you trust the vendor?
Are they liable for any damage they cause
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I personally would never allow a vendor to come into my network and have that kind of
control, VPN or not. I would insist on phone support for the end users (if they can't
do it with phone support and a desktop support person next to the machine
WOW! I'm with you...even if the vendor has the best of intentions this
could cause a lot of trouble. Admittedly you can secure the wazoo out
of this from a technological standpoint, but far more concerning would
be human equation. You might want to hit them up with a ton of legal
documentation
With a VPN you don't have to worry about the traffic on the public network -
that will be encrypted. And you can insist upon strong authentication for
the tunnel itself.
What you do have to worry about is what they can do once they're inside.
Unless you erect an internal firewall around the PC
Is this vendor going to be a long term solution? It sounds like a lot
of hassle if they are only going to be there on a short term. Assuming
they are long term, VPN is probably the best method. At least then,
only a couple ports need to be opened up on the firewall and the traffic
will be
consultant
working the project.
From: David M. Fetter [EMAIL PROTECTED]
To: tony tony [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: Vendor wants remote control of our Servers and Workstations
Date: Thu, 06 Mar 2003 18:13:46 -0800
Is this vendor going to be a long term solution? It sounds
