Educause Security Discussion mailing list archives
Re: Vendor Server Access
From: "Julian Y. Koh" <kohster () NORTHWESTERN EDU>
Date: Fri, 24 Sep 2010 10:45:19 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 11:37 AM -0400 9/24/10, Abreu, Jose A wrote:
We are in the process of setting up new guidelines on how vendors access our servers as well as application owners. Can you share any insight on how your institution is handling this?
This isn't universally applied, but in general what we used to do was give credentials to vendors and make them use our traditional VPN service. This had some limitations and issues though because we don't use split tunneling for that service, plus many of the vendors didn't have the proper permissions on their client machines to set up a new VPN adapter/client. Beginning in 2007, we deployed an SSL VPN service that has addressed those main concerns. We still give the vendors credentials, but they only have access to the resources that they need, and since much of the common functionality can be delivered through a web browser interface, the client privilege level isn't as big of a deal. -----BEGIN PGP SIGNATURE----- Version: 9.9.1.287 wj8DBQFMnMeODlQHnMkeAWMRApJ1AJ4mHCU78qZad/+7Cw7JyP2W+3fHkgCeObIy 7TogVSfqXAlHUNCOtazoHgE= =shSX -----END PGP SIGNATURE----- -- Julian Y. Koh <mailto:kohster () northwestern edu> Manager, Network Transport <phone:847-467-5780> Telecommunications and Network Services Northwestern University PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>
Current thread:
- Vendor Server Access Abreu, Jose A (Sep 24)
- Re: Vendor Server Access Julian Y. Koh (Sep 24)
- Re: Vendor Server Access Alex Keller (Sep 24)
- Re: Vendor Server Access Greene, Chip (Sep 24)
- Re: Vendor Server Access Jeff Kell (Sep 24)
- Re: Vendor Server Access Bradley, Stephen W. Mr. (Sep 26)
- Re: Vendor Server Access Hugh Burley (Sep 24)