Foreign Based Help Desk or Service Desk

By chip.ankrom ·
What can you do to secure you systems if a foreign based Help Desk or Service center must service you application or hardware off the internet? They also gain administrator rights to your system.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Bugger All

by OH Smeg In reply to Foreign Based Help Desk o ...

You can not do much at all except look to see if there are any Complianceing Regulations that you have to abide by and if there are if they cover this. If they do and do not allow this then what's more important getting the Application patched/Updated/whatever or maintaining your Accreditation? If they have a praviso for this follow the instructions to the Letter no matter what they are. If something goes wrong you have done exactly what you where supposed to and you can not be blamed. If you do more than was expected you could get the blame for whatever happens.

About all you can do is install something that requires the Remote Site to get permission from a person who has to organize a Staff Member to open a connection be there to watch the logging in and whatever is done to the unit and then when they log off Lock down the connection so it can not be activated till whoever opens it next time.

But in all honesty if they deposit something or a Patch breaks your Security Policies there s nothing you can do about this. This is why there are Complianceing Rules in place for many types of Organizations.


Collapse -

Lots of Things

This all depends on the technologies you are using, but you can lock down your firewalls to only permit remote access by the IP ranges used by the foreign company.
You can also use individual usernames and passwords instead of a single account. Make sure to use strong passwords and change them regularly.

Collapse -

Based upon the original post

by jdclyde In reply to Lots of Things

I think he is more concerned about the VENDOR and what they might do WHILE they have access to his systems.

Have them to a web-ex session, and watch what they do, very carefully.

having a sniffer going might not be a bad idea as well to watch for anything being done behind the scene.

Related Discussions

Related Forums