> We have been receiving many requests from our system administrators to
> "vendors" access to our internal network via the firewall for "technical
> support" or "troubleshooting" purposes.
My old company had a few such requests. The answer was "no". What
we did was allow a few vendors dial-in access to only the machine(s)
that we allowed them on. With some kind of password-protected
Network Terminal Server in between your computer and the phone line,
this, as insecure as it is, is far more secure than allowing them
to come in over the Internet, IMHO. Besides, the telephone bills
will dissuade them from coming in any more than is necessary (presuming
it's long distance). Lastly, many rack-mounted modems have a "busy"
switch to give out a busy signal; you leave the modem they use in
the "busy" position unless you are having them dial in. This will
keep out the curious who dial every number in the area code looking
for modems (let's face it, today they are probably pinging IP
addresses, not dialing telephones). Another option is to leave the
modem unplugged when not in use, or turn the power off, etc. If
you trust your system administrators to faithfully shut it down
when not in use, you can even put the modem somewhere that they
have access to so that they don't have to bug you to flip the
busy switch for them.
From: Carl Jolley <cjolley @