Hey everyone! I'm curious about the typical process for granting VPN access to vendors. When you have a vendor needing access, what do you usually ask them to fill out on the VPN request form? For instance, do they just provide the system names and the access types like RDP, SSH, or Web? Are they also expected to give details like IP addresses and ports? Additionally, how do you typically manage this internally after receiving their requests? I'm looking to see how different organizations handle this in practice. Thanks!
3 Answers
For vendors needing VPN access, we ensure the access is restricted strictly to what they need. Their accounts are set to expire after 7 days unless they request an extension. All connections must go through the VPN; we don't expose RDP or SSH directly to the internet to ensure security.
In our setup, we usually don't grant vendors VPN access for brief tasks. If they need access to a production environment, we typically set it up through a supervised session on Zoom with our admin overseeing the work. For longer-term needs, like development, we create a specific VPN profile on a unique IP range. Then, we update both our North/South firewalls and apply policies to limit access to just the systems they need, often on test or dev VLANs to prevent access to production from the VPN.
We have a strict policy requiring justification for the scope of access, setting time limits, and enforcing least privilege access principles to keep everything secure.
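As an added example (not part of any answer above), here is one way to process a vendor request form internally: reject it unless it carries a justification, an end date within 7 days, and targets limited to test/dev ranges, then turn it into per-target allow rules that expire. The field names, address ranges, and the mapping of "Web" to port 443 are assumptions made for this sketch.

```python
from datetime import date
from ipaddress import ip_address, ip_network

# All values below are constructed for illustration, not taken from the thread.
VENDOR_VPN_POOL = ip_network("10.99.0.0/24")   # dedicated vendor VPN profile range
ALLOWED_ZONES = [ip_network("10.20.0.0/16")]   # test/dev VLANs only, no production
SERVICE_PORTS = {"rdp": 3389, "ssh": 22, "web": 443}  # "web" = HTTPS is an assumption
MAX_DAYS = 7                                   # account lifetime before an extension

def review_request(req, today):
    """Validate one request form; return (firewall_rules, problems)."""
    problems, rules = [], []
    if not req.get("justification", "").strip():
        problems.append("missing justification")
    days = (req["end"] - today).days
    if not 0 <= days <= MAX_DAYS:
        problems.append(f"end date must be within {MAX_DAYS} days (got {days})")
    for target in req["targets"]:
        port = SERVICE_PORTS.get(target["service"].lower())
        if port is None:
            problems.append(f"unknown service {target['service']}")
            continue
        dst = ip_address(target["ip"])
        if not any(dst in zone for zone in ALLOWED_ZONES):
            problems.append(f"{dst} is outside the test/dev ranges")
            continue
        rules.append({"src": str(VENDOR_VPN_POOL), "dst": str(dst),
                      "proto": "tcp", "port": port,
                      "expires": req["end"].isoformat()})
    # Default deny: any problem means no rules are issued at all.
    return ([] if problems else rules), problems

TODAY = date(2024, 5, 1)  # fixed date so the sample is reproducible
GOOD = {"vendor": "ExampleVendor", "justification": "Patch dev build server",
        "end": date(2024, 5, 6),
        "targets": [{"ip": "10.20.5.10", "service": "SSH"},
                    {"ip": "10.20.5.11", "service": "Web"}]}
BAD = {"vendor": "ExampleVendor", "justification": "",
       "end": date(2024, 6, 1),
       "targets": [{"ip": "10.10.1.5", "service": "RDP"},
                   {"ip": "10.20.5.10", "service": "telnet"}]}

if __name__ == "__main__":
    for name, req in (("GOOD", GOOD), ("BAD", BAD)):
        rules, problems = review_request(req, TODAY)
        print(name, "rules:", rules, "problems:", problems)
```

The rule dictionaries are a neutral format; translating them into a specific firewall's syntax is left to whatever platform enforces the vendor VPN policy.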
