Monitoring Vendor Access

Traditionally many vendors require 24x7 direct phone line access to their equipment located on customer premises. This is very convenient for the vendor. However, with the recent heightened security concerns, this idea is coming under scrutiny by more and more customers, who after all, have the final responsibility for securing their systems.

It is becoming recognized method of easy access to systems and the access methods, passwords, etc. are becoming common knowledge. With the lax hiring practices of some vendors and the turn over in personnel in the industry, your system may become an unwilling pawn in the competitive market place or even of a disgruntled employee of the firm.

From the customer's standpoint, not only is the loss of data or the integrity of the data a concern, but also if newly loaded software is unfamiliar, the entire system could be effected. Worst case, if it causes injury or loss to a client or customer, your company may be held liable.

As these concerns mount, the customers are looking for some accountability while still maintaining good relations with their vendors. In fact some of the more forward-looking vendors are also recognizing these facts and are initiating plans of their own.

Once analyzed, the solution could become complicated and overly corrective. There are various levels of security that may be employed, but one product that is being used as a happy medium for security and accountability is CPS's 2C ($139.00).

The 2C is a small three port hardware box that can be place on the phone line at the system site. It requires the vendor to call the system administrator and "ask permission" to access the system. The administrator in turn calls the password protected 2C and enables one of the alternate ports, where the vendor's modem is connected. The password is never divulged to the vendor.

If the vendor calls the maintenance modem within a specific time period (30 seconds to four minutes), the call is automatically routed to the proper "alternate port" and then reset upon completion of the call.

At the very least, it allows the administrator to keep a log and avoid surprises. As a bonus, since the box has three ports it can be used for two modems and it doesn't even need a separate phone line.

The third port allows the 2C to optionally be connected to an established voice set or PBX so the line can be shared between the tasks instead or requiring a dedicated line. One customer has an answering machine on this port. It announces, "you have reached the XXX Company maintenance line. For access authorization call 1-800-888-0051".

Since it is a dial application, the administrator and modems can be located anywhere and the Touch-tone commands entered manually via a cell phone or wire line, or appended to the modems AT dial string.

Additionally, an optional AC power ON/OFF device could be connected to either of the two alternate ports and powered ON or OFF by the administrator with the same authorization call. One high security customer uses this feature to plug a light bulb and the modem into the power strip. This powers ON the modem and provides a vivid, across the room, indication that this modem is available. Before the 2C, they would physically disconnect the modem when not required. The downside was that they would forget to do this. The 2C now does it automatically and the light warns them that the modem is in use.

The 2C is one of a number of security and remote control products offered by CPS. Another product that has application in this area is the CAS (Controlled Access Switch).