Educause Security Discussion mailing list archives

Re: Vendor Server Access


From: "Julian Y. Koh" <kohster () NORTHWESTERN EDU>
Date: Fri, 24 Sep 2010 10:45:19 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 11:37 AM -0400 9/24/10, Abreu, Jose A wrote:
> We are in the process of setting up new guidelines on how vendors access
> our servers as well as application owners.  Can you share any insight on
> how your institution is handling this?

This isn't universally applied, but in general what we used to do was give
credentials to vendors and make them use our traditional VPN service.  This
had some limitations and issues though because we don't use split tunneling
for that service, plus many of the vendors didn't have the proper
permissions on their client machines to set up a new VPN adapter/client.

Beginning in 2007, we deployed an SSL VPN service that has addressed those
main concerns.  We still give the vendors credentials, but they only have
access to the resources that they need, and since much of the common
functionality can be delivered through a web browser interface, the client
privilege level isn't as big of a deal.


-----BEGIN PGP SIGNATURE-----
Version: 9.9.1.287

wj8DBQFMnMeODlQHnMkeAWMRApJ1AJ4mHCU78qZad/+7Cw7JyP2W+3fHkgCeObIy
7TogVSfqXAlHUNCOtazoHgE=
=shSX
-----END PGP SIGNATURE-----

-- 
Julian Y. Koh                         <mailto:kohster () northwestern edu>
Manager, Network Transport                         <phone:847-467-5780>
Telecommunications and Network Services         Northwestern University
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>

