Re: Vendor Access

["Bradley, Stephen W. Mr." <bradlesw () MUOHIO EDU>]

We use eGuardPost and the vendor must have a need and a sponsor from the university.  The also must sign an NDA.  Then 
they get an account on the eGP system and when they want in they go to the system and make a request.  The university 
sponsor must then grant them permission for the time they request.  After their request is granted they continue on in 
either a Windows or SSH session.

Works well for the people that actually read the instructions we provide.


steve

________________________________
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Drews, 
Adam
Sent: Thursday, March 04, 2010 11:00 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Vendor Access

Hello All,

I was wondering how other people are handling vendor access to their networks.  I searched the EduCause Security 
archive and didn't find much there.  Do you have them fill out a form stating who they are, who they work for, what 
access they need, how long they need the access, etc.?  Any input would be greatly appreciated.

Thanks,
--

Adam Drews
Information Security Analyst
Information Security Office

Joliet Junior College
1215 Houbolt Rd.
Joliet, IL  60431
P: (815) 280-2667
F: (815) 280-2668

CONFIDENTIALITY NOTICE:
The information contained in this e-mail message is legally privileged and confidential, and is intended only for the 
use of the individual or entity named above. If the reader of this message is not the intended recipient, you are 
hereby notified that any dissemination, distribution or copy of this message is strictly prohibited. If you receive 
this in error, please notify the sender by reply e-mail and delete this message.