Security Basics mailing list archives
RE: Vendor wants remote control of our Servers and Workstations
From: Glenn English <ghe () slsware com>
Date: 10 Mar 2003 11:00:25 -0700
On Mon, 2003-03-10 at 07:45, John Brightwell wrote:
> Personally I think allowing this level of access to an internal system is a big risk. Bear in mind that if this vendor uses the same method to support a number of customers the vendor may be a choice subject to attack (someone may break into their network to gain access to a targeted customer network). So, even if your company isn't a premium target you may still get hit.
>
> I'll be interested to hear other people's comments ... more and more vendors are proposing this sort of support access (they save a lot of time in dealing with problems because they don't have to interact with the customer - I'd say that they can also 'relax' the quality requirements in recruiting engineers because their deficiency is less obvious to the customer when there's little interaction).

I'm but a newbie, but according to 'most everything I've read here and in books, this customer's request falls into the "don't be silly" category: giving that kind of access to your networks and servers just isn't done.

Might it not be better to install a new machine, call the arrangement with them "co-location", and let them do anything with it they want? And then have them give *you* access to *their* machine?

It is, of course, possible that I'm missing something here...

--
Glenn English
ghe () slsware com