
Granting access to an outsider

This tip offers advice for times when you need to let someone outside of your company onto your network.

By Adesh Rampat

There may be times when you want to let someone not employed by your company onto your network. When? Well, this tip suggests one circumstance in which this may be necessary and offers some security considerations to follow if and when you do it.


There may be times when a network administrator needs to grant a partner, such as a company to which the organization has outsourced some IT function, access to the organization's network. You might have to do this to allow the partner to apply a fix to some malfunctioning program, for example.

You can grant the partner company access to your organization's network via a Remote Access Service. Then you can join the partner company's workstation to the organization's domain. But when you do that, you have to remember that you have just let an entity onto your network about whom you know very little. And when joining a Windows workstation to a domain, remember that you have created a special trust relationship between the domain and the workstation.

Consequently, there are some very important points to keep in mind when granting an outsourcing or other partner company access to your network:

1. The User Account
  • Set logon hours to make the account available during normal working hours only.
  • Don't allow easy dial-up access. If you're going to use that method of remote access, establish any such connection via a callback in the remote-access software to help ensure caller security. VPN access is another story, of course.
  • Make sure to set an expiration date on the account; you don't want strangers granted indefinite access to your network.
  • Lock out the account after three failed attempts to log on.
  • Monitor your audit logs, especially for successful/unsuccessful logon attempts.
  • Require the password to be changed more frequently than for other user accounts.

2. Access to files/folders
Make sure that you restrict access to files for this user account. This account doesn't need access to everything on the servers. It only needs access to those files/folders that bear on the work the account will be doing. Failure to restrict access will widen the security hole that you have opened by allowing this workstation on your network at all.

3. Finally...
Ensure that the partner company's workstation runs the latest antivirus software. You don't need to get some broken piece of software repaired, or other maintenance function performed, only to introduce some virus into your network.
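The audit-log bullet under "The User Account" is easier to act on when the account's restrictions are written down as data and each logon event is checked against them. The following is an added example, not part of the original tip: the account name, policy values and log events are all constructed, and the event format is an assumption rather than any product's log format.

```python
from datetime import datetime, time

# Constructed policy for a hypothetical partner account (all values are assumptions).
POLICY = {
    "account": "partner-fix01",
    "work_days": {0, 1, 2, 3, 4},              # Monday to Friday
    "work_start": time(8, 0),
    "work_end": time(18, 0),
    "expires": datetime(2001, 10, 1),          # account expiration date
    "lockout_threshold": 3,                    # failed attempts before lockout
}

# Constructed logon events: (timestamp, account, outcome).
EVENTS = [
    ("2001-09-17 09:12", "partner-fix01", "success"),
    ("2001-09-17 22:00", "jsmith", "success"),          # other account, ignored
    ("2001-09-17 23:40", "partner-fix01", "success"),   # outside logon hours
    ("2001-09-18 10:01", "partner-fix01", "failure"),
    ("2001-09-18 10:02", "partner-fix01", "failure"),
    ("2001-09-18 10:03", "partner-fix01", "failure"),   # third failure in a row
    ("2001-10-02 11:00", "partner-fix01", "success"),   # after expiration
]

def audit(events, policy):
    """Return (timestamp, finding) pairs for events that contradict the policy."""
    findings, failures = [], 0
    for stamp, account, outcome in events:
        if account != policy["account"]:
            continue
        ts = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        if outcome == "failure":
            failures += 1
            if failures == policy["lockout_threshold"]:
                findings.append((stamp, "lockout threshold reached"))
            continue
        failures = 0  # a successful logon resets the consecutive-failure count
        in_hours = (ts.weekday() in policy["work_days"]
                    and policy["work_start"] <= ts.time() < policy["work_end"])
        if not in_hours:
            findings.append((stamp, "successful logon outside permitted hours"))
        if ts >= policy["expires"]:
            findings.append((stamp, "successful logon after account expiration"))
    return findings

if __name__ == "__main__":
    for stamp, finding in audit(EVENTS, POLICY):
        print(stamp, finding)
```

A successful logon outside the permitted hours or after the expiration date means the restriction was never applied or has been changed, which is worth investigating in its own right.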

About the author:
Adesh Rampat has 10 years of experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.


This was last published in September 2001
