Security Basics mailing list archives
Re: Remote Control
From: Adrian DuPre <adrian.dupre () gmail com>
Date: Thu, 30 Sep 2004 08:53:24 -0500
Without sending you the acutal policy, here goes-- I work in the medical device industry (FDA/ISO controlled), and we use electronic signatures. Since you never know what potentially confidential information is on a users' screen when you initiate a remote control session (i.e. purchasing, quality records, HR data), our remote control policy includes the following: 1. Permission must be granted by the user before initiating a session 2. The method of permission, and the date/time of the remote control session as well as who initiated the session and what work was performed are logged in our help desk software (CYA measure) 3. Upon finishing remote work, IT staff must close all applications opened during the session. 4. Any exceptions require approval of IT management, and are documented and logged. In our case, it would be nice if we could configure the remote control software (LanDesk) would create the access record automatically, allowing the "controller" to only input permission granted and work performed. Hope that helps! -Adrian DuPre' -----Original Message----- From: Furutani, Curtis Y Mr TAMC [mailto:Curtis.Furutani () us army mil] Sent: Tuesday, September 28, 2004 6:10 PM To: security-basics () securityfocus com Subject: Remote Control Anyone have sample policies for remote control of end users desktops? Do you require some type of acknowledgement or approval to remotely administer or assist?
Current thread:
- Remote Control Furutani, Curtis Y Mr TAMC (Sep 29)
- Looking for some good sources jeffrey rivero (Sep 30)
- <Possible follow-ups>
- Re: Remote Control Adrian DuPre (Sep 30)