I'm looking for the best practices for allowing external or vendor users to access our network resources. Should we use VPN, PAM, or something else? Any advice on managing their access securely would be great!
5 Answers
Consider using Citrix desktops for vendor access. This keeps their activities contained within a controlled environment.
One effective method is to create dedicated vendor accounts that grant only the minimum access necessary to the specific network resources. It might also be smart to set up an expiration date or reminders to disable these accounts once their work is completed.
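An added example, not part of the answer above: a small audit that flags vendor accounts lacking an expiration date, still enabled past expiry, nearing expiry (the reminder case), or holding access beyond what their work requires. The account names, field names and inventory are constructed for illustration; in practice the records would come from an export of your directory or identity system.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class VendorAccount:
    name: str
    enabled: bool
    expires: Optional[date]   # None means no expiration was set
    resources: frozenset      # what the account can currently reach
    approved: frozenset       # what the vendor's work actually requires

def audit(accounts, today, remind_days=7):
    """Return {account name: [findings]} for enabled accounts needing action."""
    findings = {}
    for a in accounts:
        if not a.enabled:
            continue  # already disabled, nothing to do
        issues = []
        if a.expires is None:
            issues.append("no expiration date")
        elif a.expires < today:
            issues.append("expired but still enabled")
        elif a.expires - today <= timedelta(days=remind_days):
            issues.append("expires soon: confirm work is complete")
        extra = a.resources - a.approved
        if extra:
            issues.append("excess access: " + ", ".join(sorted(extra)))
        if issues:
            findings[a.name] = issues
    return findings

# Constructed sample inventory (hypothetical accounts and resources).
TODAY = date(2024, 6, 1)
fs = frozenset
SAMPLE = [
    VendorAccount("vendor-hvac", True, date(2024, 6, 30),
                  fs({"hvac-controller"}), fs({"hvac-controller"})),
    VendorAccount("vendor-erp", True, None,
                  fs({"erp-app", "file-share"}), fs({"erp-app"})),
    VendorAccount("vendor-printer", True, date(2024, 5, 15),
                  fs({"print-server"}), fs({"print-server"})),
    VendorAccount("vendor-cctv", True, date(2024, 6, 5),
                  fs({"nvr"}), fs({"nvr"})),
    VendorAccount("vendor-old", False, date(2023, 1, 1),
                  fs({"legacy-db"}), fs()),
]

if __name__ == "__main__":
    for name, issues in audit(SAMPLE, TODAY).items():
        print(f"{name}: {'; '.join(issues)}")
```

Run on a schedule, the output doubles as the reminder list for disabling accounts once the work is done.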
It really varies depending on the situation. If the vendor needs to support a specific system—like HVAC—grant them access to that isolated system only. For more sensitive environments, remote access can be allowed, but it should always be monitored by someone from our team.
Using tools like VPAM can be helpful, allowing limited access while making sure that vendors reach out to IT for any additional support. Plus, VPAM records sessions, so we can review what was done and identify if any issues were caused.
Make sure to avoid any unattended access. If a vendor needs to handle something, they should do it via a screen sharing tool like Teams while we oversee the session through RDP or SSH.
