Thank you for your comments and I agree.  I am just really curious as to how
this actually works.  I think it's time to call the actual middlemen (WebEx).

Thanks again.

-----Original Message-----
From: John Braden [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 20, 2001 2:00 PM
To: Steven Bonici
Cc: '[EMAIL PROTECTED]'
Subject: Re: Taking control of ones machine


Forgive the appearance of impertinence, but "Your management is nuts".
There are certain phrases in the English language that you must be wary of.
"All you have to do is ..." is right up there with "Guess what, I am going to
kick you in the .......... and see if you can keep a smile on your face!"

First action - close down the software.  It is your choice as to whether you
want it on the system for perhaps a valid support reason, but ... it should
never be active unless

a) You are advised by the vendor beforehand along with the name of the
technician entering, and
b) The vendor must secure a new password from you each time they enter, and
c) The vendor has signed a letter or document that they will be responsible
for theft and/or damages should they occur as a result of entrance, and
d) The vendor documents in each case why they had to enter, what actions
they were planning, and a final report on what they actually did, and
e) You are on hand during the entire access period, and
f) The access period cannot go past 11:55pm and may not begin before
00:05am, and
g) You change the password immediately after the access.

A final caveat - the server they enter should not have security access
parameters (codes, passwords, routes, etc.) that lead to your active
business critical files (Customer, financial, marketing and competitive
files).

Otherwise, you are giving your first born son to the devil.

Anyway, Happy Holidays!

John Braden

Steven Bonici wrote:

> You have to forgive me with the following questions, as I am not sure if
> this is the right group.
>
> We have been asked by one of our software vendors to allow them to use
> WebEx to take control of one of our servers.  They explained to me that all
> I need to do is to install a "plug-in" and they can take control of the
> server through a web browser.  We staged a test with a test server, and they
> came right in and took control.  Isn't it way too easy?
>
> I haven't contacted them yet, I thought I would ask here first.  Is there
> any documentation or white papers into how this actually works and what can
> be done to protect the machine?  Does anyone have any insight into WebEx?
> I am really curious as to how easy this is.  I know once you go to the WebEx
> web site you need to agree and "allow" someone to actually connect, but it
> just seems way too easy.
>
> I know that websites can grab information from your browser, but again I
> would love to know "how" and all this seems to be connected in some way.
> I downloaded a copy of "pcaudit.exe" (by Internet Security Alliance), and
> that just goes to prove how vulnerable one is.
>
> Any information would be greatly appreciated.
> Thanks - Steven
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls