Home page logo
/

basics logo Security Basics mailing list archives

Re: VPN Access for Consultants
From: Byron Sonne <blsonne () rogers com>
Date: Thu, 20 Nov 2003 21:25:54 -0500

I told them no, I do not want to create a tunnel between
my network and theirs but I would allow them to plug their laptops into
the dmz or outside the firewall so they can access their network.  They
proceeded to look at me like I had six heads and act like I was the only
security admin that wouldn't allow this.

If it's your network, you made the right call 100%. They say their network is secure, but is it really?

I've been asked to do what you're being asked to do, but after I told them that I want to personally audit their network and servers, and want a full report of all security mechanisms, policies, diagrams and copies of standard system images for inspection, they thankfully relented. Until my management changed :(

If you can sell the risk assessment to your bosses, and make them understand the issues, then that REALLY, REALLY helps. Sadly though, make sure you have a paper trail and audit every second the consultants are plugged into your network.

If this doesn't work perhaps you can provide them with a locked down workstation that you've put together yourself and meets your requirements. Perhaps explaining it to them using the 'safe sex' paradigm (your network = your body) might also be of help; sometimes understanding the issue is the real problem... "You say you're not infected, but I'm connecting to every network you connect to" ;)

Too many consultants are just semi-tech-literate suits really, and don't know the true condition of their own infrastructure and it's risks. They don't have to care about your network or servers, they're there to sell services and make money, remember that... they'll play you as much as they can. If they still want to access their network from inside yours, then point them to the RJ-11 jack on the wall and offer to lend them a modem :)

--

        For good, return good. For evil, return justice.


---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]