

Need to set up best-practices for Help Desk/NOC Monitoring team
March 11, 2013 7:11 AM

I will be managing a remote Indian Infrastructure Support Help Desk. Not a call center, but we'll be handling all Tier I issues for Desktop and NOC operations for a major US client. I'm trying to come up with a document to detail the *"best practices" for connecting to their network*.

So far I've come up with:

* Only connect from within our company's office network, where sufficient firewalls and tunnels exist.
* Do not use external, public or unprotected home networks.
* Only use the approved Cisco VPN software to gain access to the company's network.

What are some other things you can suggest that would be good best practices? We will have access to sensitive routers and switches as well that have the capacity to take down critical parts of the company.
posted by PetiePal to Technology (1 answer total)
 
To note, I'm coming from the perspective of the Senior Security Analyst:

- I would insist on a site-to-site VPN from the support location to your site, rather than a remote access client.
- I would secure the VPN tunnel with certificate authentication using 3rd party trusted certs or your internal PKI.
- I would have ACLs on your end of the tunnel restricting these folks to the equipment they're allowed to touch.
- I would have any device they can touch logging to a remote log collector that they do not have read only access to.
- I would set up all devices to have sufficient logging to finger point if things break. I would note that changing logging levels to anything below this level is a contract terminating event.
- I would have netflow logging of everything coming from their side of the VPN.
- I would insist on knowing what their "operational" subnet is for their NOC, and what their VPN subnet is. I would ensure that the latter does not reside within the former. I would only allow traffic sourcing from the former.

If they're level 1, use your historical data to build out a KB for your top issues. Insist that they handle things according to the script or escalate. Adjust the KB as necessary. Inform second level that they will have less work if there are detailed KB articles for the level 1. Watch things take care of themselves.

That may be a little much, but without knowing what your contract looks like and what methods you have for recovery in case of a failure on their side, it's hard to say where exactly to draw the line on letting these folks do things. I'd err on the side of locking it down to start, and let the data dictate where to loosen the reins.
posted by bfranklin at 7:29 AM on March 11, 2013 [1 favorite]
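
The subnet and ACL points in the answer above, sketched as an added example that is not part of the original thread: it checks that the VPN subnet does not sit inside the operational subnet, then audits flow records for sources outside the operational subnet or destinations outside the permitted equipment. All subnets, device addresses, flow records and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample values; substitute the subnets and device list from your contract.
NOC_OPERATIONAL = ipaddress.ip_network("10.20.0.0/24")  # assumed NOC "operational" subnet
NOC_VPN = ipaddress.ip_network("10.30.0.0/24")          # assumed NOC VPN subnet
ALLOWED_DEVICES = {ipaddress.ip_address(a) for a in ("192.168.50.1", "192.168.50.2")}

def check_subnet_plan(operational, vpn):
    """Return a list of problems with the declared subnets (empty means OK)."""
    if vpn.subnet_of(operational):
        return [f"VPN subnet {vpn} resides within operational subnet {operational}"]
    if vpn.overlaps(operational):
        return [f"VPN subnet {vpn} overlaps operational subnet {operational}"]
    return []

def verdict(src, dst):
    """Classify one flow seen on the client end of the tunnel."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in NOC_OPERATIONAL:
        return "deny: source outside operational subnet"
    if dst not in ALLOWED_DEVICES:
        return "deny: destination not in permitted equipment"
    return "permit"

def audit_flows(flows):
    """Return the flows that the ACL should have dropped, with the reason."""
    return [(s, d, v) for s, d in flows if (v := verdict(s, d)) != "permit"]

# Constructed flow records (source, destination) as a NetFlow export might summarize them.
SAMPLE_FLOWS = [
    ("10.20.0.15", "192.168.50.1"),   # NOC workstation to a permitted router
    ("10.30.0.7", "192.168.50.1"),    # VPN-subnet address reaching a permitted router
    ("10.20.0.15", "192.168.60.9"),   # NOC workstation reaching an unlisted device
]

if __name__ == "__main__":
    for problem in check_subnet_plan(NOC_OPERATIONAL, NOC_VPN):
        print("PLAN:", problem)
    for src, dst, why in audit_flows(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: {why}")
```

Any flow this audit reports means the tunnel ACL let through something it should have dropped, which is the signal to review the ACL before loosening anything.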

