Often the weak link in the security chain, remote access by third party vendors and contractors requires controlled network separation and activity monitoring. In fact, many recent, high-profile data breaches have occurred due to attacks originating from third-party vendors.
Dave Shackleford, SANS Instructor & Founder of Voodoo Security, gives tips on how to mitigate that risk – with a focus on secure connection gateways, proxied access, and auditing and recording of the third-party session.
Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies.