I am about to build a security policy for 3rd party vendors and contractors who will need access our network. Does anyone have a template I can use, or point me in the right direction? Due to some compromise of network security recently, I need to present a policy to the Executives to sign off on. And I know the vendors will not be real happy about it (they like to use RDP, which I locked down!) We have a few vendors that do remote support of products. I asked that they give me an IP range so I can create rules at the firewall, but they kick and scream about their own support staff that "sometimes" remote in from home. (using pcAnywhere or RDP)
And any tips or advice on that subject is greatly appreciated.
thanks in advance.