Solved

Best Way to Give Third Party Access to My Network

Posted on 2016-07-19
5
93 Views
Last Modified: 2016-11-22
Our accounting department has contracted with Mosaic (http://www.mosaiccorp.com/) to perform various document management tasks for processing invoices.

The main item that Mosaic needs to implement its app, Eclipse, which uploads the documents from our LAN to Mosaic's server, is a machine to install Eclipse and some space on a drive to store the documents scanned from the various offices. This is all set up.

My problem is deciding upon the best way to give the Mosaic people access to that local machine to run their app.

The Mosaic engineer said that they routinely use GoToMyPC to manage their app on their clients' machines. Though I believe Mosaic to be trustworthy and to not muck up my machine, I can't think of a way to keep them from looking around my network if we use GoToMyPC. My only other idea is to set up RDP for them, though that doesn't really keep them from peeking, either. The engineer said that the access is just for checking on the app periodically and that .

The local machine in question is a Dell PowerEdge T310. It is a member server running Server 2008 Standard SP2. There is nothing on it but an FAQ app that we don't use. In fact, this box pretty much just sits there. I partitioned off 100GB for the files and set up the folder structure. We are ready to move except for granting Mosaic access to the machine/network.

Suggestions?
0
Comment
Question by:gbrooke
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 14

Accepted Solution

by:
Andy M earned 350 total points
ID: 41719508
You could setup an AD account for them which only allows access to that particular machine (deny logon rights to any other device on the network, don't make it a domain admin, don't allow access to shared folders, etc). That should prevent them from snooping. In addition you can also set the account to auto-disable at a particular length of time so that they have to call up to get access to the device when required.
1
 
LVL 12

Assisted Solution

by:Bryant Schaper
Bryant Schaper earned 150 total points
ID: 41719526
Andy said what I was going to, you could also control the gotomypc account, so you can disable and enable as needed so they dont have free reign to logon whenever they need to.  We use to use a product that required a unique pin each time for access to maintain our SOX compliance.  I believe it Bomgar.
0
 

Author Comment

by:gbrooke
ID: 41719582
Our remote access app is TeamViewer. I did think about checking with them to see if they had some way of limiting the third party's access but I kept going back to RDP and AD. Since you both recommend that, I believe I will do it that way.

One other thing: Should I use the server or dedicate a desktop to this? I chose the server mostly because it's not doing anything and wanted to get some mileage out of the hardware. I do have a couple of older Optiplexes on the shelf that I could rebuild, stick in a corner and dedicate to this.
0
 
LVL 12

Expert Comment

by:Bryant Schaper
ID: 41719620
You could use either, is it the only function of that server?  

Teamviewer can be setup so you provide the session id, then you can control the session access
0
 

Author Comment

by:gbrooke
ID: 41719770
Thanks, gents. I'm going to leave it on the server for now and set up RDP.
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question