Anyone have any good ideas for allowing secure vendor dial-in?
We have several vendors that occassionally need to dial-in to our
equipment to figure what we broke :) or to assist in certain problems
The most secure and reasonable flexible method is yanking the phone
cord from the wall until someone from the vendor calls in reference to
a current problem asking to dial-in. The problem with that is how do
I know its really the vendor? (Then again when the repair guy shows up
with an MCI jacket, how do I really know he's from MCI. Yeah yeah yeah.)
I just recently had a problem that required my vendor to periodically
dial-in to some equipment around the clock. I like my job but I'm not going to
hang out 24hrs a day plugging & unplugging a stupid phone cord.
We have a new database product that the vendor (a differnet one no less)
requires an ISDN line running PPP to connect to our network for support.
Yipes! This one I really don't like. I've thought about running the ISDN to
a router outside my firewall and making them come through it. Right now
my firewall is config'd not to let anyone in frome the outside period.
I suppose I could setup something secure using the filtering capabilities
of my router AND S/Key or SecureID on my firewall, but that doesn't seem very
practical. I can here them calling up and saying the lost the secureID card!
Any ideas? I hope this isn't one of those "Well, there is some risk you have
----- Ed Maillet