There's really no tactful way to ask this question without impugning Ken's character. And that is certainly not my intention. He has provided me with no reason to question his ethics or character.
A couple of years ago I was having some issues which we were unable to resolve using the traditional email correspondence. At the time, Ken used TeamViewer to log into my BI machine to do diagnostics and troubleshooting.
It was interesting to watch from the sidelines as Ken worked his magic. I was able to chat with him about his permissions/rights. He confirmed that he was able to unmask view all camera passwords (and presumably the main BI user/admin passwords). He said not to worry that he wouldn't log in unless there was a need/request for diagnostic support. He even gave me his IP address which so I could verify that he wasn't logging in other than during these coordinated sessions. And if he did, I would see his IP in the connection logs.
Being that he knows the intricacies of the software, wouldn't it be possible for him to leave a back door that doesn't get logged? And if such a back door existed, could it not be exploited by someone with more nefarious purposes?
Again, I have no reason to think that Ken would ever deliberately violate anyone's trust. But given the possibility of such a violation (i.e. imagine someone hacks his machine, or he sells the product to another party, etc), what kind of protection or detection can we implement that would lock down such an exploit?
Short of intrusion detection firmware on a router, is there anything that could be done to lock it down?
A couple of years ago I was having some issues which we were unable to resolve using the traditional email correspondence. At the time, Ken used TeamViewer to log into my BI machine to do diagnostics and troubleshooting.
It was interesting to watch from the sidelines as Ken worked his magic. I was able to chat with him about his permissions/rights. He confirmed that he was able to unmask view all camera passwords (and presumably the main BI user/admin passwords). He said not to worry that he wouldn't log in unless there was a need/request for diagnostic support. He even gave me his IP address which so I could verify that he wasn't logging in other than during these coordinated sessions. And if he did, I would see his IP in the connection logs.
Being that he knows the intricacies of the software, wouldn't it be possible for him to leave a back door that doesn't get logged? And if such a back door existed, could it not be exploited by someone with more nefarious purposes?
Again, I have no reason to think that Ken would ever deliberately violate anyone's trust. But given the possibility of such a violation (i.e. imagine someone hacks his machine, or he sells the product to another party, etc), what kind of protection or detection can we implement that would lock down such an exploit?
Short of intrusion detection firmware on a router, is there anything that could be done to lock it down?