Question
-
Topic
-
You stance on third party assistance/support tools?
LockedHi,
We have a company network spanning just over 40 sites and 5 countries.
We have two web gateways and perimeter firewalls (with two content filters) for the whole IT estate. We generally lock down all inbound and outbound ports unless there is a business need for their use.
Similarly, with web sites, we block access to any web categories which might present a threat to the company network.I would class 95% of our user base as non-IT orientated – they wouldn’t know what “Operating System” they we were running, if asked (or indeed how to find out).
Quite frequently, we get asked to allow access to TeamViewer and the many other similar services. The reason is usually to allow a third-party to assist one of our users with third-party software.
This is something which we (as technical personnel) hate doing, due to the security implications.
We have had instances of people (of dubious intent) calling our branches, stating that “your IT department has asked me to update some software on your computer, please go to X and I will connect.”.
No matter how much you try and educate your users, most of the time, they will just trust in what they are hearing, and allow these strangers to connect to the machines.The problem is, if we outright block all third-party remote access/assistance, then management will just overide our policy, stating “we need it do business”.
I am interested to hear what your security stance is when it comes to allowing your users to grant access to third-parties via such mediums.
I would also love to hear your pros and cons for allowing or disallowing such access. Or, even, if you have found alternative solutions; such as only allowing third-parties in via pre-arranged VPN services.
Thank you very much for your time.
Best Regards,
EJ