# Remote Access



## MarkH84 (Apr 6, 2017)

Hello, new to the forum, but I am sure I will be visiting it more often. My computer background is primarily in the hardware support side but am becoming more involved with the software and network security side of things.

I work for a relatively small company, with no onsite server storage. However I am finding out that a vendor we use for our IT support (Vulnerability Testing/Patch Management) recommended and uses some remote access software.

Recently they accessed a computer to remove a virus file stuck in the Recycling Bin. My concern is, I do not personally feel allowing a vendor with such high level remote access is secure, and a sound business practice. Additionally the fact that an IT company recommended that confuses me.

What I am wondering is, in a business environment is it proper to give remote access to a company that uses it at their discretion or is this a common practice? Do some of the remote access programs allow manipulation of the users computer without detection?

Sorry for such a long post, and thank you.
Mark


----------



## MitchConner (May 8, 2015)

Hi mate,

This concerns me:



MarkH84 said:


> What I am wondering is, in a business environment is it proper to give remote access to a company *that uses it at their discretion* or is this a common practice?


Companies should not be using remote access to connect to a users machine without permission of the user (I find that quite rude from a user perspective), or the company. 

Check your company security policy regarding 3rd party remote access. If your company doesn't have one, I would highly recommend you write one down somewhere detailing what they can and can't do when connected to your network.

It is quite normal for support companies to provide support in this manner (using team viewer, real vnc, etc.), but it must always be inline with your own security policy which protects you as a business, but also doesn't make the IT support overly complicated. A lot of businesses will have a jumpbox into their network for 3rd parties to connect to which limits their overall control.

Unfortunately, it is possible for a "rogue" agent to compromise your system through remote access. That being said, 99% of engineers will act with integrity and your best interests at heart, and wouldn't entertain such a thought.

If you have any more questions please feel free to ask.


----------



## MarkH84 (Apr 6, 2017)

Thank you for responding. I had the same thought, it did not come to me at first but as I am thinking on this, we have no knowledge of how or when they access our computer networks with their current practices. The only reason I was made aware was that we were billed for service and I have inquired to get more details.

We are a small company, relatively and require the use of 3rd parties to handle certain aspects of tech support. However In my experience I have never had a tech support company not first contact me if an issue was needed.

Again, thank you for the response and advice.


----------

