Multiple Contractors one Remote Access Account - Contractor UK Bulletin Board

Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

Fronttoback replied

22 September 2016, 18:46
I think you will find the OP has a working from home arrangement and is thinking of outsourcing some work without telling the end client.
Leave a comment:
DaveB replied

22 September 2016, 14:54
Originally posted by davetza View Post

It is not very clear but I assume you have VPN access into the clients site for some sort of support reason? If this is the case you could have a generic VPN but as other people said you need some way of auditing access. The standard way of doing this would be to have some sort of jump server that only has access over the VPN and you would need user specific account on the jump server to get access over the VPN.

From the way it was described I'm guessing it s multiple VPN's, one per client, owned and administered at the client side. Hence the need to get accounts created for each client / contractor combination.
Leave a comment:
davetza replied

22 September 2016, 13:43
It is not very clear but I assume you have VPN access into the clients site for some sort of support reason? If this is the case you could have a generic VPN but as other people said you need some way of auditing access. The standard way of doing this would be to have some sort of jump server that only has access over the VPN and you would need user specific account on the jump server to get access over the VPN.
Leave a comment:
MrMarkyMark replied

22 September 2016, 10:18
Originally posted by vetran View Post

agree with the idea of using one id is professional suicide.

A lot of people think the same about only having one ID on here

ww
Leave a comment:
vetran replied

22 September 2016, 10:13
there are tools out there that manage this sort of thing.

I think Teamviewer does.

Get 13 id's set up and then send them a report.Or sell it to them.

If its a VPN then one assumes you are using a key file? Get 13 files created and get them loaded to each VPN server.

agree with the idea of using one id is professional suicide.
Leave a comment:
SueEllen replied

21 September 2016, 09:12
Originally posted by MrMarkyMark View Post

Surely this sort of thing would also invalidates the Ltd Cos PI insurance

Not necessarily.

It depends what the action causing the problem is e.g. accidental data breach compared to fraud.

One if the issues not mentioned is if an employee deliberately makes a data breach you cannot take disciplinary action against them or sack them as you have no proof which employee did it. If you did take action against an employee you suspected you would find yourself facing expensive employment tribunal costs for discrimination.
Leave a comment:
MrMarkyMark replied

21 September 2016, 06:29
Surely this sort of thing would also invalidates the Ltd Cos PI insurance

Tt
Leave a comment:
mudskipper replied

21 September 2016, 06:14
Originally posted by northernladuk View Post

Who says?

Most companies' IT policies.
Leave a comment:
northernladuk replied

20 September 2016, 22:05
Originally posted by Bee View Post

Yes I wouldn't be happy too, the login it's personal and can't be shared for security reasons.

Who says?
Leave a comment:
Bee replied

20 September 2016, 16:23
Originally posted by cojak View Post

Good grief - I wouldn't be happy sharing a login, that's a recipe for a ruined reputation.

Yes I wouldn't be happy too, the login it's personal and can't be shared for security reasons.
Leave a comment:
gables replied

20 September 2016, 14:24
The LA I worked at would insist that you use named accounts. It may seem like an overhead but it is a valid one.
Leave a comment:
SueEllen replied

20 September 2016, 13:23
You aren't serious are you?

If one of your employees decides to release information into the public domain or steal it to sell, how are you going to know which individual did it?

Legally while you as a business are responsible for the data breach, the individual person is responsible for a criminal act.
Leave a comment:
MrMarkyMark replied

20 September 2016, 13:18
Originally posted by DaveB View Post

Finally, if you ring a client and they are any good, they WILL laugh at you and think you are a bunch of cowboys.

This +1.
Leave a comment:
cojak replied

20 September 2016, 13:18
Good grief - I wouldn't be happy sharing a login, that's a recipe for a ruined reputation.
Leave a comment:
stek replied

20 September 2016, 13:11
And what chance have you got of controlling it your end if you don't even know if you are 12 or 13?
Leave a comment: