Re: Vendor wants remote control of our Servers and Workstations

From: James Lee Gromoll (jgromoll@hotmail.com)
Date: 03/07/03

    From: "James Lee Gromoll" <jgromoll@hotmail.com>
    To: security-basics@securityfocus.com
    Date: Fri, 07 Mar 2003 13:30:42 -0800
    
    

    Take a look at their corporate homepage. I'm not sure what I think after I
    looked at their staff bios. I did not see any computer science backgrounds
    and that makes me wonder... If it were me, I would want control over how
    they do business or a real warm fuzzy feeling about the specific consultant
    working the project.

    >From: "David M. Fetter" <david.fetter@fetterconsulting.com>
    >To: tony tony <tonytorri@yahoo.com>
    >CC: security-basics@securityfocus.com
    >Subject: Re: Vendor wants remote control of our Servers and Workstations
    >Date: Thu, 06 Mar 2003 18:13:46 -0800
    >
    >Is this vendor going to be a long term solution? It sounds like a lot of
    >hassle if they are only going to be there on a short term. Assuming they
    >are long term, VPN is probably the best method. At least then, only a
    >couple ports need to be opened up on the firewall and the traffic will be
    >encrypted. However, the thing to check or try to push for, is to validate
    >how secure the vendor's network is. If their network is not secure and
    >they are compromised then so is your network. If they don't have proper
    >security policies and measures in place and your company's data is
    >considered sensitive, then it could present a huge security hole. It is
    >basically like making a backdoor into your network through theirs.
    >
    >tony tony wrote:
    >>Folks
    >>
    >>We have an outside vendor (StellarRAD) that wants to come into our network
    >>(via VPN) and use pcAnywhere to maintain his software on 5 production
    >>servers. Vendor wants to also use a product like Blue Ocean to remotely
    >>control our workstations to help users with software problems (i.e. software
    >>is complex) or for troubleshooting. Blue Ocean software allows
    >>bi-directional file transfers and chat between the vendor and workstations.
    >>
    >>I approve all tickets for firewall changes. I told our firewall and network
    >>people that this ticket just does not *smell right* and I will conduct some
    >>research on the security issues. As always, the vendor/network/firewall
    >>people are putting the heat on to me to approve the ticket ASAP.
    >>
    >>In your opinion what are all the security issues? What should I recommend as
    >>a more secure way for 1) the vendor to access the StellarRAD production
    >>servers remotely and 2) help our users?
    >>
    >>=====
    >>Tony Torri CISSP, CISA, CDP, CIA
    >>Senior IS Security & Risk Manager
    >>360.906.7893 (Work)
    >>Northern Telecom LLP
    >>
    >
    >
    >--
    >David M. Fetter - http://www.fetterconsulting.com/
    >
    >"The world is full of power and energy and a person can go far by just
    >skimming off a tiny bit of it." Neal Stephenson - Snow Crash
