Educause Security Discussion mailing list archives

Re: Vendor Network Access


From: Dennis Bohn <bohn () ADELPHI EDU>
Date: Tue, 21 Oct 2014 07:31:31 -0400

Hi John,
When this issue first reared its ugly head ten years ago, we made the
decision to segment off all HVAC/BMS (Building Management Systems) from the
rest of our network.  We initially created a separate vlan which routed
only to a small firewall dedicated to the BMS.  Now we are moving to VRFs
but with the same principle.  I highly recommend the segmentation
approach.  Then it is up to facilities what their vendors have access to
and what happens.

HTH,
dennis

Dennis Bohn
Manager of Network and Systems
Adelphi University
bohn () adelphi edu
5168773327

On Mon, Oct 20, 2014 at 5:08 PM, John Kaftan <jkaftan () cayuga-cc edu> wrote:

 We have a HVAC vendor wanting to get in so they can manage equipment
remotely.  I know this can be a huge security risk, as in it could make me a
huge “Target”.  Does anyone have a Vendor Remote Access Policy that they
would be willing to share?



Thanks,



John Kaftan

Dean of Information Technology

Cayuga Community College

315.294.8520

*It’s all about the students.*



