It's a BAD idea. What I'd recommend (based on experience) is to set up
a separate access for vendors (Frame Relay, ISDN, whatever), and run them
through a firewall (a filtering router will work in this case). Also,
you need to get a LOT more specific about the specific types of traffic
that you will allow through. Don't let the vendor bamboozle your management
into believing that this type of wide open access is "necessary" to the
proper operation of whatever service they are providing.

I will usually allow either a subnet of a vendor, or we assign an IP address
that we specify for them to use by PPP or CSLIP which gives us more precise
control over what they are doing, and where they can connect to within our
network.

Good luck,
BobK
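
An added illustration of the filtering recommended in the message above (not the poster's own configuration): a first-match, default-deny filter for the vendor link, plus a check that flags the "wide open" kind of rule. The rule model, function names, addresses, hosts and ports are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source network (CIDR)
    dst: str               # destination network (CIDR)
    proto: str             # "tcp", "udp" or "any"
    port: Optional[int]    # destination port; None means any port

# Constructed policy: every address, host and port here is illustrative.
VENDOR_POLICY = [
    # Address assigned to the vendor's PPP link -> one internal host, one service.
    Rule("permit", "192.0.2.10/32", "10.20.30.5/32", "tcp", 443),
    # The vendor's own subnet -> the same host, one service.
    Rule("permit", "198.51.100.0/24", "10.20.30.5/32", "tcp", 22),
]

# The unrestricted rule a vendor might ask for, kept separate for comparison.
WIDE_OPEN = [Rule("permit", "198.51.100.0/24", "0.0.0.0/0", "any", None)]

def decide(rules, src, dst, proto, port):
    """First matching rule wins; anything unmatched is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.proto in ("any", proto) and r.port in (None, port)):
            return r.action
    return "deny"

def too_broad(rules, max_dst_hosts=16):
    """Return permit rules that leave protocol, port or destination unrestricted."""
    flagged = []
    for r in rules:
        wide_dst = ipaddress.ip_network(r.dst).num_addresses > max_dst_hosts
        if r.action == "permit" and (r.proto == "any" or r.port is None or wide_dst):
            flagged.append(r)
    return flagged

if __name__ == "__main__":
    print(decide(VENDOR_POLICY, "198.51.100.7", "10.20.30.5", "tcp", 23))
    print(too_broad(WIDE_OPEN))
```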