tony tony wrote:
Folks
We have an outside vendor (StellarRAD) that wants to come into our network (via
VPN) and use pcAnywhere to maintain his software on 5 production servers. Vendor wants to also use a product like Blue Ocean to remotely control our
workstations to help users with software problems (ie software is complex)or
for trouble shooting. Blue Ocean software allows bi-directional file transfers
and chat between the vendor and work stations.
I approve all tickets for firewall changes. I told our firewall and network
people that this ticket just does not *smell right* and I will conduct some
research on the security issues. As always, the vendor/network/firewall people
are putting the heat on to me to approve the ticket ASAP.
In your opinion what are all the security issues? What should I recommend as a
more secure way for 1) the vendor to access the StellarRAD production servers
remotely and 2) help our users?
===== Tony Torri CISSP, CISA, CDP, CIA Senior IS Security & Risk Manager 360.906.7893 (Work) Northern Telecom LLP
__________________________________________________ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/
-- David M. Fetter - http://www.fetterconsulting.com/
"The world is full of power and energy and a person can go far by just skimming off a tiny bit of it." Neal Stephenson - Snow Crash
