And of course you are monitoring their each and every move as they play on your systems one hopes....
Thanks, Ron DuFresne On Thu, 20 Dec 2001, Security Related wrote: > WE have need for such connectivity from our vedors on occasion, > and our typical method is a dial up line, connected to an > external modem. When there is a problem, needing the vendor's > support we turn the modem ON, and tell them what the password > is. They have to know a password for the PCAnywhere connection, > and the local login on the machine, and we have to turn the > modem on by hand when needed. > > ES > === > ----Original Message Follows---- > From: Steven Bonici <[EMAIL PROTECTED]> > To: 'Ron DuFresne' <[EMAIL PROTECTED]>, Steven Pierce > <[EMAIL PROTECTED]> > CC: Steven Bonici <[EMAIL PROTECTED]>, [EMAIL PROTECTED] > Subject: RE: Taking control of ones machine > Date: Thu, 20 Dec 2001 14:02:31 -0500 > > I should have explained a little better... Actually it is a software vendor > using the services of WebEx to take control of a server for support issues > when needed. > > -----Original Message----- > From: Ron DuFresne [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 20, 2001 1:50 PM > To: Steven Pierce > Cc: Steven Bonici; [EMAIL PROTECTED] > Subject: Re: Taking control of ones machine > > > > Steven, > > I can't answer that for you, you should have more info on the needs of > this vendor then I. Why did they 'claim' to require this level of access? > What are they trying to 'do for you'? I'd certainly be loath to allow any > vendor this level of access to my systems, especially if this is being > done across the Internet, but even if they were in house at my keyboard, > I'd be over their shoulder the whole time <smile>. Far more is done out > of stupidity of vendor consultants then out of any will do to harm in > cases like this. > > Thanks, > > Ron DuFresne > > On Thu, 20 Dec 2001, Steven Pierce wrote: > > > > > Ron, > > > > I agree 100%. I would be asking WHY are they in need of this > > access? If they need access to a server, I would set up one that > > does not give them ANY access to my network. Then I can post > > information on it if needed. Also give them a log in not full access, > > that way (Company) keeps ROOT access... > > > > S > > > > *********** REPLY SEPARATOR *********** > > > > On 12/20/2001 at 12:39 PM Ron DuFresne wrote: > > > > >On Thu, 20 Dec 2001, Steven Bonici wrote: > > > > > > [SNIP] > > > > > >> > > >> I haven't contacted them yet, I thought I would ask here first. Is > there > > >> any documentation or white papers into how this actually works and > what > > >can > > >> be done to protect the machine? Does anyone have any insight into > > >WebEx? I > > >> am really curious as to how easy this is. I know once you go to the > > >WebEx > > >> web site you need to agree and "allow" someone to actually connect, > but > > >it > > >> just seems way too easy. > > >> > > > > > > > > >Just don't install their trojan <smile>. This is basically what you are > > >doing, installing their application that simulates what many trojans do, > > >give unlimited access to the system. > > > > > >Thanks, > > > > > >Ron DuFresne > > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > >"Cutting the space budget really restores my faith in humanity. It > > >eliminates dreams, goals, and ideals and lets us get straight to the > > >business of hate, debauchery, and self-annihilation." -- Johnny Hart > > > ***testing, only testing, and damn good at it too!*** > > > > > >OK, so you're a Ph.D. Just don't touch anything. > > > > > >_______________________________________________ > > >Firewalls mailing list > > >[EMAIL PROTECTED] > > >http://lists.gnac.net/mailman/listinfo/firewalls > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > "Cutting the space budget really restores my faith in humanity. It > eliminates dreams, goals, and ideals and lets us get straight to the > business of hate, debauchery, and self-annihilation." -- Johnny Hart > ***testing, only testing, and damn good at it too!*** > > OK, so you're a Ph.D. Just don't touch anything. > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > > > > > ********************************************************* > * This email address does not wish to receive ANY * > * unsolicited email. Anyone sending unsolicited email * > * to this email address will be charged a US $50 fee. * > * By obtaining and using this email address you * > * agree to these terms. Failure to abide by this * > * agreement will result a comlpaint being filed to * > * the federal trade commission [EMAIL PROTECTED] * > ********************************************************* > > > _________________________________________________________________ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
