On Site Visits, Do You Connect Your Laptop To Your Customers Network?

Avatar
John Scanlan
Sep 22, 2017
IPVM • IPVMU Certified

When you are on site at a customer location do they let you connect your laptop / tablet to their network?  If so, is there a security protocol in place to check your device.  If not, do they have vendor loaners, a dedicated workstation, or another solution in place?

Avatar
Brian Rhodes
Sep 22, 2017
IPVMU Certified

In my experience as an integrator, most small/medium commercial customers allow this, but high security, institutional, education, and military customers often forbid it.

It was common for military customers to match us up with a sys admin who ghosted us and basically lent themselves to whatever the job needed on the network.  As in:

Integrator: "Ping this address please"

Military IT tech: <clacks keys> "Okay, what next?"

Obviously this ensured high security because that escort would just flat out not do anything that might be vulnerable and kept strange computers out of their network.

(1)
Avatar
Bill Rosell
Sep 22, 2017

I use my laptop the vendor usually gives allows me to. If wifi I get a temporary password. Most businesses allow it some have somebody with you at all times.

 

(1)
UI
Undisclosed Integrator #1
Sep 22, 2017

I have access to nearly all of my customer owned networks via VPN regardless of scale.  We do also have access to more critical non-military sensitive sites that fall under government regulation as well. Those sites are accessed via a customer provided PC and a VPN specific to that PC from our office.

JE
Jim Elder
Sep 23, 2017
IPVMU Certified

In my specifications (new ones at least), I require the integrator to comply with best practices for any device they place on the corporate network.  It is clearly an advantage to both parties that such access be allowed; but it must be done with the highest security level possible in order for you to be a trusted vendor.  May want to provide a document that tells the Owners what measures you have taken to ensure his network will be safe. In fact, the Owner should actually require it. Your employees should also have written practices as to what they are required to do.  The last thing you want is an employee who unthinkingly installs some awful piece of malware on your customer's network (or his bad stuff on yours for that matter. 

(1)
U
Undisclosed
Sep 24, 2017

I explicitly ask for a "console visit" (yes that's an outdated misnomer but it works better with nontechnical physical security managers.)  If they have no idea that they should worry about the security in that, I just plug in (and write up a security issue.)  If they have rules, I then have a paper trail that I asked.

You're supposed to have rules.  You're supposed to require safety precautions.

You're also not supposed to bring infected usb sticks into the command center to upgrade the VMS but apparently that's common among integrators too.

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions