Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

scanning/checking/validating a vendor's remote client before it connects to our system.

Posted on 2006-06-18
5
225 Views
Last Modified: 2013-11-16
I take care of a 'designated infrastructure critical' system (utility scada system)  (whoo-hoo).  Anyway, I've been so far successful about being pig-headed, er "adamant" about keeping our system contained to our system, no [known] connections to the outside, any outside, and I police it and monitor it pretty closely.

However, the system is past end-of-life, and we are in the process of spec'ing a replacement system, and I can see the writing on the wall.  The vendor, whoever it happens to be, is going to want to remote in to do tech support.  And I'm not totally opposed to that.  Necessarily.  Totally.  

It could have advantages.

Maybe.

To cut to the chase, I want a way to do a virus/trojan/malware/badboy scan on the vendor's dialup client and have it pass before I'll even close the (physical) connection between the outside firewall and our network.  

The vendor, of course, is going to say 'trust us.  We do our own scans etc'.  Which is of course a non-starter.  

Nor can I imagine them letting us install stuff on their machine (though we could make that part of the contract, I guess).

What do others do for this kind of thing?

I'm very familiar with working with GPL'ed stuff, so hopefully there's a reasonable solution there, but  I'm not averse to pay or subscription solutions either.

Brainstorming, I guess I'd look for something like a trendmicro housecall or whatever symantec calls their online scan that we could put on our DMZ that the client would have to pass before letting me know I can close the switch.  Or even, if we do this via public internet (unlikely), can redirect the client to housecall.

Or maybe there's a much better more comprehensive way?

Thanks!
0
Comment
Question by:amlp
  • 2
  • 2
5 Comments
 
LVL 30

Expert Comment

by:ded9
ID: 16931895
just The question please

Reps
0
 

Author Comment

by:amlp
ID: 16935614
What do others do for this kind of thing?
0
 
LVL 30

Expert Comment

by:ded9
ID: 16936378
Best bet is norton internet security
Which has a inbuilt firewall plus antivirus Which will scan data arising from other network

All you have to  do is set firewalls to avoid risks.

Reps

0
 
LVL 2

Accepted Solution

by:
TIsbill earned 250 total points
ID: 16936764
VMWare ACE is a product I have been looking at to do exactly what you are describing. You give the vendor a virtual workstation setup to access your network. This way you control the software that is on the virtual box that makes the connection to your network. You can even set the workstation to expire after a certain time periold or when a project is scheduled to finish.
0
 

Author Comment

by:amlp
ID: 16939071
TIsbill:  now that's an interesting idea.

I wonder if the same thing could be accomplished with, say, an NXclient running on their box, connecting to an NXserver here.

I'll look into the VMWare thing to.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question