Tip

Granting access to an outsider

Granting access to an outsider
By Adesh Rampat

There may be times that you want to let some person not employed by your company onto your network. When? Well this tip suggests one circumstance when this may be necessary and offers some security considerations for you to follow if and when you do it.

Got a security tip of your own? Why not send it in? We'll post it on our Web site, and we'll enter you in our tips contest for some neat prizes.

    Requires Free Membership to View

Submit your tip today.


There maybe times when a network administrator needs to grant a partner, such as a company to which the organization has outsourced some IT function, access to the organization's network. You might have to do this to allow the partner to perform an application fix to some malfunctioning program, for example.

You can grant the partner company access to your organization's network via a Remote Access Service. Then you can join the partner company's workstation to the organization's domain. But when you do that, you have to remember that you have just let an entity onto your network about whom you know very little. And when joining a Windows workstation to a domain, remember that you have created a special trust relationship between the domain and the workstation.

Consequently, there are some very important points to keep in mind when granting an outsource or other partner company access to your network:

1. The User Account
  • Set logon hours to make the account available during normal working hours only.
  • Don't allow easy dial-up access. Establish any such connection via a callback in the remote-access software to help ensure caller security if you're going to use that method of remote access. VPN access is another story, of course.
  • Make sure to set an expiration date on the account; you don't want strangers granted indefinite access to your network.
  • Lock out the account after three failed attempts to log on.
  • Monitor your audit logs, especially for successful/unsuccessful logon attempts.
  • Require passwords to be changed more regularly than other user accounts.

    2. Access to files/folders
    Make sure that you restrict access to files for this user account. This account doesn't need access to everything on the servers. It only needs access to those files/folders that bear on the work the account will be doing. Failure to restrict access will widen the security hole that you have by allowing this workstation on your network at all.

    3. Finally...
    Ensure that the partner company's workstation runs the latest antivirus software. You don't need to get some broken piece of software repaired, or other maintenance function performed, only to introduce some virus into your network.

    About the author:
    Adesh Rampat has 10 years of experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.

    Related book

    Hacking Exposed Windows 2000: Network Security Secrets and Solutions
    By Joel Scambray and Stuart McClure
    Online Price: $49.99
    Publisher Name: Osborne
    Published: Sept. 2001
    Summary
    This book will teach you, step-by-step, how to defend against the latest attacks by understanding how intruders enter and pilfer compromised networks. Renowned security experts and best-selling authors Joel Scambray and Stuart McClure provide examples of real-world hacks, from the mundane to the sophisticated, and detailed countermeasures to protect against them.


    This was first published in September 2001

  • There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.