Vendors & Security & Protocol

Bennett, David bennett at rmcnet.robert-morris.edu
Fri Oct 9 18:11:52 EDT 1998


     I'm curious to find out what relationship you have developed with 
your vendors with respect to security.  Do you have your firewall 
continually open to a vendor?  Do you allow vendors 24 hour access to 
your box or do you ask them to contact you first before you let them in 
(change passwords, etc).  Under what conditions do you give a vendor the 
root password?

    Those of you with wide open security may wish to  email me directly, 
and not to the list  : ).   I have a vendor that is requesting 
unrestricted unlimited access, and I wondered if this community thinks 
this is standard and/or reasonable. 

     A quick search of the archives turned up this  Aug 21, 1997 quote:

>In conclusion, let me state my personal opinion. The customer owns the 
system,
>and the data on the system. The customer has the most interest in 
protecting
>the system, and the most responsibility for protecting that investment. 
The
>customer organization needs to have an accurate assessment of its 
technical
>expertise or lack thereof, in order to prevent damaging the system. But
>ultimately the control of the system must rest with the customer.
>Just stirring things up, and interested in other opinions,
>...Bob Rasmussen, President, Rasmussen Software, Inc.

******************************************************
David Bennett  (bennett at robert-morris.edu)
Systems Support & Instruction Librarian
Robert Morris College Library
881 Narrows Run Road
Moon Township, PA  15108
(412) 262-8474
(412) 262-4049 fax
****************************************************** 



More information about the Web4lib mailing list