Re: Vendor wants remote control of our Servers and Workstations

From: James Lee Gromoll (
Date: 03/07/03

  • Next message: John O'Connor: "Re: Telnet vs PcAnywhere"
    From: "James Lee Gromoll" <>
    Date: Fri, 07 Mar 2003 13:30:42 -0800

    Take a look at their corporate homepage. I'm not sure what I think after I
    looked at their staff bios. I did not see any computer science backgrounds
    and that makes me wonder... If it were me, I would want control over how
    they do business or a real warm fuzzy feeling about the specific consultant
    working the project.

    >From: "David M. Fetter" <>
    >To: tony tony <>
    >Subject: Re: Vendor wants remote control of our Servers and Workstations
    >Date: Thu, 06 Mar 2003 18:13:46 -0800
    >Is this vendor going to be a long-term solution? It sounds like a lot of
    >hassle if they are only going to be there for the short term. Assuming they
    >are long term, VPN is probably the best method. At least then, only a
    >couple of ports need to be opened up on the firewall and the traffic will be
    >encrypted. However, the thing to check, or try to push for, is to validate
    >how secure the vendor's network is. If their network is not secure and
    >they are compromised then so is your network. If they don't have proper
    >security policies and measures in place and your company's data is
    >considered sensitive, then it could present a huge security hole. It's
    >basically like making a backdoor into your network through theirs.
    >tony tony wrote:
    >>We have an outside vendor (StellarRAD) that wants to come into our network
    >>VPN) and use pcAnywhere to maintain his software on 5 production servers.
    >>Vendor wants to also use a product like Blue Ocean to remotely control our
    >>workstations to help users with software problems (ie software is
    >>for troubleshooting. Blue Ocean software allows bi-directional file
    >>and chat between the vendor and workstations.
    >>I approve all tickets for firewall changes. I told our firewall and
    >>people that this ticket just does not *smell right* and I will conduct
    >>research on the security issues. As always, the vendor/network/firewall
    >>are putting the heat on to me to approve the ticket ASAP.
    >>In your opinion what are all the security issues? What should I recommend
    >>as a
    >>more secure way for 1) the vendor to access the StellarRAD production
    >>remotely and 2) help our users?
    >>Tony Torri CISSP, CISA, CDP, CIA
    >>Senior IS Security & Risk Manager
    >>360.906.7893 (Work)
    >>Northern Telecom LLP
    >David M. Fetter -
    >"The world is full of power and energy and a person can go far by just
    >skimming off a tiny bit of it." Neal Stephenson - Snow Crash
