Monitor and control remote connections

camdeboo_ito
Hi
We have several different servers running specialised software from different companies.
These providers use either TeamViewer or RealVNC to connect to our servers and network.
But I am not comfortable with the fact that they can access the servers whenever they like, uncontrolled and unmonitored.
Is there a way that I can issue them an access ticket of sorts that will only open TeamViewer/VNC access from a set IP for a certain time period?
And record why the person accessed the network?
Any ideas?
Thanks in advance
Chris
Pieter van den Berg

Hi Chris,

I personally would not recommend having these suppliers access your servers remotely at any time unless it's controlled and you can actually see what they are doing.

What I would suggest is to stop the TeamViewer/VNC services on the servers and only give them access when they call you and make a proper arrangement.

I would do the following:

1. When a supplier needs to work on the production servers, a call needs to be logged for this and proper arrangements need to be made.
2. System changes can only be performed after hours and not during work hours.
3. Make a proper backup of the server before they start working on it.
4. With TeamViewer you can start the session and actually sit and see what they are doing or they need to sign next to the start and finish time so that if anything goes wrong during that time, you would know they worked on the server.

I've in the past also had issues with suppliers connecting to one of our servers and making changes, and the next day we have even more issues. If it's a big change like an upgrade or something, I would suggest letting them be on site.

Hope this helps. (You can also look at other apps like Log Me In or BOMGAR.)

Nino

Chris,

I've uploaded 3 SOPs to the ShaeIT section. One of the documents is a Change Control Form.

I have included change control in our IT policy and therefore FORCE suppliers to use it. Failure on their side to comply with our policy could lead to a breach in contract and thus the cancellation of their services.

What we do is as follows, in order of preference:

TeamViewer: This is set up without using fixed passwords. Once I receive a change control form from the supplier, I fix a password and mail it to them. At the same time I put a reminder in my Outlook, for the time they indicate on the change control form, to remove the password. This gives me the control to know exactly who is logged in and also who is accountable.

VPN: Each supplier has its own VPN login, thus we can track who logged in. The VPN user also can only get access to their system.

Lastly, I force suppliers to use certain Virus packages.

Regards,
Nino
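
Added example, not part of the original thread or any poster's own tooling: a sketch of the "access ticket" Chris asks about, tied to the change control window Nino describes. It only decides whether a connection attempt is covered by a ticket and produces the audit record; setting the password or opening the firewall for the window is left to the administrator. All names, references and addresses are constructed for illustration.

```python
import ipaddress
import json
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Ticket:
    ref: str            # change control form reference (constructed)
    supplier: str
    engineer: str       # named person, so the session is attributable
    source_net: str     # CIDR range the supplier connects from
    server: str
    reason: str
    start: datetime
    end: datetime

def evaluate(tickets, supplier, source_ip, server, when):
    """Return (allowed, audit_record) for one connection attempt."""
    ip = ipaddress.ip_address(source_ip)
    decision, hit = "deny:no-ticket", None
    for t in tickets:
        if (t.supplier, t.server) != (supplier, server):
            continue
        if ip not in ipaddress.ip_network(t.source_net):
            decision = "deny:source-ip"
        elif not t.start <= when <= t.end:
            decision = "deny:outside-window"
        else:
            decision, hit = "allow", t
            break
    record = {
        "time": when.isoformat(), "supplier": supplier, "source_ip": source_ip,
        "server": server, "decision": decision,
        "ticket": hit.ref if hit else None,
        "engineer": hit.engineer if hit else None,
        "reason": hit.reason if hit else None,
    }
    return hit is not None, record

# Constructed sample data (documentation address ranges, invented names).
UTC = timezone.utc
TICKETS = [Ticket("CC-0001", "VendorA", "j.doe", "203.0.113.0/28", "fin-srv01",
                  "Apply billing module patch",
                  datetime(2024, 5, 6, 18, 0, tzinfo=UTC),
                  datetime(2024, 5, 6, 20, 0, tzinfo=UTC))]

if __name__ == "__main__":
    for ip, hour in [("203.0.113.5", 19), ("203.0.113.5", 21), ("198.51.100.7", 19)]:
        ok, rec = evaluate(TICKETS, "VendorA", ip, "fin-srv01",
                           datetime(2024, 5, 6, hour, 0, tzinfo=UTC))
        print(json.dumps(rec, sort_keys=True))  # one audit line per attempt
```

Denied attempts are logged as well as allowed ones, so an out-of-window connection by a supplier shows up in the same audit trail as the approved work.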

camdeboo_ito

Hi Nino
I like that idea.
Now just to get it past management. My last set of instructions was to ensure that each server had a dedicated ADSL line so that the suppliers can have uninterrupted, uninhibited, and unmonitored access.
Go figure...

Christopher Nash

Camdeboo Municipality | Cacadu District | Eastern Cape
Tel: 049 807 5859 | Cell: 076 099 0163 | Skype:

The AG requires that all third party vendors be monitored with the inclusion of the change control policy and appropriate approvals.

All back-end servers have root or administrator accounts, and they have full user rights to do complete administration, but it also provides an environment for abuse. In other words, it is difficult to find out who in the third party company did what, as there may be more than one person from the company working on the system, and to litigate, it is always important to have clear audit trails, especially if you are also asked to assist with a reboot or assist the service provider with certain services or functions.

You can investigate programs such as Privileged User Manager (PUM) from NetIQ that will enforce policies specific to administrator or root (Linux/Unix) users.

Firstly the super-user accounts are “removed” and only actual user accounts can be used to perform system maintenance. If users logon with their own accounts, they can be logged and their actions recorded via SIEM.

Also per command or system right, PUM can configure explicit rights and specific actions within these commands which limits the super-user to doing only what they are supposed to.

This will ensure better audit compliance, and it is estimated to cost around R6000 per server.

Regards

mahesh srini
