This may seem inappropriate but my butt is on the line, so please read on.
I have 2 developers who have domain admin rights in a windows 2000 environment. I discovered on Friday that these 2 have been creating a VPN tunnel to another companies network and having several machines on that network interact with one of our machines on the internal network.
I escalated this issue to our collective supervisor. I know what his response was and I also know what mine was.
I can guarantee that there is going to be a big turf war over this one and so I seek your oppinions.
Does this have the potential to become a large security issue?
You need to collect evidence against the unauthorized activities that has been going on. Logs and sniffer traces should help. This definitely have a potential to become a security issue, depending on how secure you want your network to be.
I would say there is huge potential for that to become a security issue. Is there a valid reason for the other company to access your server? You also open up the possibility if the other company is not very security aware of attacks/virus infection making its way from their network to yours. On the other hand, if there is a need for this type of setup, isolate the server on your network behind an ACL (if possible) to protect your network from any type of attacks/worms etc, that might find its way from the other company to your network.
Have you considered discussing this with the developers? There could be a valid business reason for the interaction. What is your role in this company? The solution may be as simple as getting together and creating a business case, which should also include validating security issues/concerns.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...