Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Remote Control

from [Adrian DuPre] Network Security [Permanent Link]
Subject: Re: Remote Control
Date: Thu, 30 Sep 2004 08:53:24 -0500 
   Without sending you the acutal policy, here goes--  I work in the
medical device industry (FDA/ISO controlled), and we use electronic
signatures.  Since you never know what potentially confidential
information is on a users' screen when you  initiate a remote control
session (i.e. purchasing, quality records, HR data), our remote
control policy includes the following:
1.  Permission must be granted by the user before initiating a session
2.  The method of permission, and the date/time of the remote control
session as well as who initiated the session and what work was
performed are logged in our help desk software (CYA measure)
3.  Upon finishing remote work, IT staff must close all applications
opened during the session.
4.  Any exceptions require approval of IT management, and are
documented and logged.

In our case, it would be nice if we could configure the remote control
software (LanDesk) would create the access record automatically,
allowing the "controller" to only input permission granted and work
performed.

Hope that helps!

-Adrian DuPre'


-----Original Message-----
From: Furutani, Curtis Y Mr TAMC [mailto:Curtis.Furutani@us.army.mil]
Sent: Tuesday, September 28, 2004 6:10 PM
To: security-basics@securityfocus.com
Subject: Remote Control

Anyone have sample policies for remote control of end users desktops? 
Do you require some type of acknowledgement or approval to remotely
administer or assist?
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Windows 98 box is 'owned', Darren Kirby
Next by Date:  Re: Client End Firewalls, Steve
Previous by Thread:  RE: Looking for some good sources, Dinis Cruz
Next by Thread:  Looking for mixed Unix/Windows secure coding course, Hollis via Rubicon Recluse
Indexes:  [Date] [Thread] [Top] [All Lists]