Educause Security Discussion mailing list archives

Re: Vendor Server Access

From: "Bradley, Stephen W. Mr." <bradlesw () MUOHIO EDU>
Date: Sun, 26 Sep 2010 15:59:44 -0400

We use e-DMZ Security's e Guard Post product.

Can have multiple approvers and control over access plus it records sessions for RDP and SSH.

Sent from my iPad

Stephen Bradley
bradlesw () muohio edu

On Sep 24, 2010, at 12:24 PM, "Jeff Kell" <jeff-kell () UTC EDU> wrote:

On 9/24/2010 11:37 AM, Abreu, Jose A wrote:


We are in the process of setting up new guidelines on how vendors access our servers as well as application owners.  
Can you share any insight on how your institution is handling this?


We require the vendor to give us a static IP (or verifiable subnet) where they will be doing their remote support, 
and provide pinhole firewall exceptions for them to the designated server.  This gives us flow logs, inspection, 
IPS/IDS, etc like any other traffic.

In a few isolated cases we have done VPN, but our current VPN is not as "finely granular" as I would like for vendor 
access cases.

Jeff

Current thread:

Vendor Server Access Abreu, Jose A (Sep 24)
- Re: Vendor Server Access Julian Y. Koh (Sep 24)
- Re: Vendor Server Access Alex Keller (Sep 24)
- Re: Vendor Server Access Greene, Chip (Sep 24)
- Re: Vendor Server Access Jeff Kell (Sep 24)
  - Re: Vendor Server Access Bradley, Stephen W. Mr. (Sep 26)
- Re: Vendor Server Access Hugh Burley (Sep 24)