Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Please read - my butt is on the line

All,

This may seem inappropriate but my butt is on the line, so please read on.

I have 2 developers who have domain admin rights in a windows 2000 environment. I discovered on Friday that these 2 have been creating a VPN tunnel to another companies network and having several machines on that network interact with one of our machines on the internal network.

I escalated this issue to our collective supervisor. I know what his response was and I also know what mine was.

I can guarantee that there is going to be a big turf war over this one and so I seek your oppinions.

Does this have the potential to become a large security issue?

Thanks all.

2 REPLIES
New Member

Re: Please read - my butt is on the line

What does your organisation's security policy have to say on the matter?

In my experience, most organisations consider it a severe breach of conduct to allow unauthorised access to their information systems to a third party.

In other words, if this "other company" can access your network through the VPN, and this access has not been duly authorised, those dev guys should get fried.

New Member

Re: Please read - my butt is on the line

We restrict that access to ONLY our support staff who needs to be able to remotely connect to other sites. They are isolated on their own VLAN and could not compromise the corp network security. Also your Security Policy IS the single most important document you have to cover your butt on this one. If you don't have one, Schedule some meetings and make one. It is a tough task but there is plenty of documentation out there concerning the subject. Check out the standards and regulations located on the bottom of the site I am posting. Good Luck!

http://securityresponse.symantec.com/avcenter/security/Content/security.articles/corp.security.policy.html

141
Views
0
Helpful
2
Replies
CreatePlease login to create content