Vendor wants remote control of our Servers and Workstations

[tony tony <tonytorri () yahoo com>]

Folks

We have an outside vendor (StellarRAD) that wants to come into our network (via
VPN) and use pcAnywhere to maintain his software on 5 production servers. 
Vendor wants to also use a product like Blue Ocean to remotely control our
workstations to help users with software problems (ie software is complex)or
for trouble shooting.  Blue Ocean software allows bi-directional file transfers
and chat between the vendor and work stations. 

I approve all tickets for firewall changes.  I told our firewall and network
people that this ticket just does not *smell right* and I will conduct some
research on the security issues.  As always, the vendor/network/firewall people
are putting the heat on to me to approve the ticket ASAP. 

In your opinion what are all the security issues?  What should I recommend as a
more secure way for 1) the vendor to access the StellarRAD production servers
remotely and 2) help our users?  

=====
Tony Torri CISSP, CISA, CDP, CIA
Senior IS Security & Risk Manager
360.906.7893 (Work)
Northern Telecom LLP

__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/