I've got a third-party company asking to install F5 Endpoint Inspection on the devices in our company that will access their shared files over the F5 VPN. I don't really have any experience with this software, but it seems like it could give them a lot of access to our device information and security protocols. This makes me pretty uncomfortable. Am I justified in my hesitation, or is it not as risky as it appears? The documentation I found isn't very clear on whether it would give them remote access to do things on our devices. I'd love some insights or personal experiences with this type of software. Also, just to add, we've now decided not to allow the software installation. If access without it isn't possible, we'll just set up a separate PC with no network access for their files.
5 Answers
Absolutely not. If they don’t trust your systems, they should provide their own laptops for you to use when accessing their files. That’s the standard practice to ensure security on both sides.
A compliant laptop provided by them sounds like the best way to go.
Just say no. Your network is yours, and you don’t need to compromise it for anyone else’s convenience.
Definitely a hard no from me. This kind of setup can lead to major security risks, especially with remote code execution possibilities tied to the F5 software. It’s not worth the risk of giving any third party that level of access to your devices.
Exactly. Even if users don’t have admin access, the potential for exploitation is enough reason to walk away from this proposal.
Third-party access should always go through your firewall, and at no point should you allow software installation that you can’t control. Stick to your guns on this one.
It's ridiculous that this is even on the table. Your data security comes first, and allowing third-party installations like this could open you up to attacks on your entire network.
Agreed, using VDI would be a great safer alternative here.