Educause Security Discussion mailing list archives
Re: Vendor Server Access
From: Alex Keller <alkeller () SFSU EDU>
Date: Fri, 24 Sep 2010 08:55:31 -0700
where possible we try to avoid giving vendors direct access to our servers. in the cases where there is a legitimate need for troubleshooting purposes we encourage the use of remote assistance tools that allow us to control the duration of the session. if the vendor needs consistent access over time, we typically require them to formally document why they need this level of access and have them sign a form that basically says they are going to follow all the rules and not do anything stupid/malicious. after the paperwork clears they will be granted a VPN and server logon account. i recommend some sort of documented review of these accounts to make sure they don't live on indefinitely. best, alex keller -- Alex Keller Systems Administrator Academic Technology, San Francisco State University Office: Burk Hall 153 Phone: (415)338-6117 Email: alkeller () sfsu edu On 9/24/2010 8:37 AM, Abreu, Jose A wrote:
We are in the process of setting up new guidelines on how vendors access our servers as well as application owners. Can you share any insight on how your institution is handling this? *Jose Abreu* University of Miami (Voice) 305.284.5213 (Fax) 305-284-5213
Current thread:
- Vendor Server Access Abreu, Jose A (Sep 24)
- Re: Vendor Server Access Julian Y. Koh (Sep 24)
- Re: Vendor Server Access Alex Keller (Sep 24)
- Re: Vendor Server Access Greene, Chip (Sep 24)
- Re: Vendor Server Access Jeff Kell (Sep 24)
- Re: Vendor Server Access Bradley, Stephen W. Mr. (Sep 26)
- Re: Vendor Server Access Hugh Burley (Sep 24)