Consider setting up an OpenVPN "jump box" for vendors (and yourself!) to use.

On Nov 13, 2016 4:00 PM, "Bill Prince" <[email protected]> wrote:
> We checked our Trango PTP links, and they all have this issue. They are
> all on private /30 or /29 subnets, but we added a couple firewall rules to
> prevent any SSH interlopers from getting in. Sure, we'll have to disable
> the firewall rules to actually get in to do something, but that doesn't
> happen very often.
>
>
> bp
> <part15sbs{at}gmail{dot}com>
>
>
> On 11/13/2016 1:35 PM, George Skorup wrote:
>
> I don't exactly see the problem, especially with a PTP radio that should
> only be accessible from within your network and possibly only from
> management subnets/VLANs, too. If it's a public facing piece of equipment
> like a router, then sure, I agree.
>
> On 11/13/2016 3:07 PM, Paul Stewart wrote:
>
> Totally disagree with this… we would never let a vendor into our network
> if there was a possibility of this. It puts our network at risk from their
> stupidity ….
>
> We aggressively look at this when new products are coming into the network
> - realizing that sometimes there’s no way to detect it but it’s a question
> we ask, tests that we run, and hope that our confidence in this being
> possible is low.
>
>
> On Nov 13, 2016, at 11:59 AM, Ken Hohhof <[email protected]> wrote:
>
> Yep. There are legitimate needs for the factory to have a backdoor
