Christoo
Member
It's called a VPN vestural private network
and if you want to take to the next level the can get an encrypted VPN
The IT guys don't want to use them because they have to do a little work to set them up. They don't want others to know about their magic smoke.
The best way to lock it down is to establish a VPN that will only allow a connection from a know IP address preferably tunneling out of the clients site to the vendors Static IP address. Monitor the ports accessed during a week of service then lock all of the others down.
I still think that is about as solid as it gets.
I have one client that was so nervous that we had to install two ethernet to serial bridges to enact with any part of the network that was touched by the clients ERP