amlp
asked on
scanning/checking/validating a vendor's remote client before it connects to our system.
I take care of a 'designated infrastructure critical' system (utility scada system) (whoo-hoo). Anyway, I've been so far successful about being pig-headed, er "adamant" about keeping our system contained to our system, no [known] connections to the outside, any outside, and I police it and monitor it pretty closely.
However, the system is past end-of-life, and we are in the process of spec'ing a replacement system, and I can see the writing on the wall. The vendor, whoever it happens to be, is going to want to remote in to do tech support. And I'm not totally opposed to that. Necessarily. Totally.
It could have advantages.
Maybe.
To cut to the chase, I want a way to do a virus/trojan/malware/badbo
The vendor, of course, is going to say 'trust us. We do our own scans etc'. Which is of course a non-starter.
Nor can I imagine them letting us install stuff on their machine (though we could make that part of the contract, I guess).
What do others do for this kind of thing?
I'm very familiar with working with GPL'ed stuff, so hopefully there's a reasonable solution there, but I'm not averse to pay or subscription solutions either.
Brainstorming, I guess I'd look for something like a trendmicro housecall or whatever symantec calls their online scan that we could put on our DMZ that the client would have to pass before letting me know I can close the switch. Or even, if we do this via public internet (unlikely), can redirect the client to housecall.
Or maybe there's a much better more comprehensive way?
Thanks!
However, the system is past end-of-life, and we are in the process of spec'ing a replacement system, and I can see the writing on the wall. The vendor, whoever it happens to be, is going to want to remote in to do tech support. And I'm not totally opposed to that. Necessarily. Totally.
It could have advantages.
Maybe.
To cut to the chase, I want a way to do a virus/trojan/malware/badbo
The vendor, of course, is going to say 'trust us. We do our own scans etc'. Which is of course a non-starter.
Nor can I imagine them letting us install stuff on their machine (though we could make that part of the contract, I guess).
What do others do for this kind of thing?
I'm very familiar with working with GPL'ed stuff, so hopefully there's a reasonable solution there, but I'm not averse to pay or subscription solutions either.
Brainstorming, I guess I'd look for something like a trendmicro housecall or whatever symantec calls their online scan that we could put on our DMZ that the client would have to pass before letting me know I can close the switch. Or even, if we do this via public internet (unlikely), can redirect the client to housecall.
Or maybe there's a much better more comprehensive way?
Thanks!
ASKER
What do others do for this kind of thing?
Best bet is norton internet security
Which has a inbuilt firewall plus antivirus Which will scan data arising from other network
All you have to do is set firewalls to avoid risks.
Reps
Which has a inbuilt firewall plus antivirus Which will scan data arising from other network
All you have to do is set firewalls to avoid risks.
Reps
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
TIsbill: now that's an interesting idea.
I wonder if the same thing could be accomplished with, say, an NXclient running on their box, connecting to an NXserver here.
I'll look into the VMWare thing to.
I wonder if the same thing could be accomplished with, say, an NXclient running on their box, connecting to an NXserver here.
I'll look into the VMWare thing to.
Reps