Ask the Expert

Opening firewall for contractor

A contractor wants us to open our firewall so he can use our network and our Internet connection to virtual private network into his corporate network for e-mail, etc. What exposure do we have?

    Requires Free Membership to View

This is somewhat dependent of the virtual private network (VPN) and firewall being used. However, to answer this in general, you are increasing your exposure any time you have to open firewall ports. If you only need to open "outbound" connections, the risk is fairly minimal. If you also need to open inbound ports, the risk may be somewhat greater, depending upon whatever other security measures are in place.

Is it possible that the contractor can use a connection to the Internet that is outside of the firewall? Perhaps the contractor can position his connection such that his machine is between the router leading to the Internet and the corporate firewall. The VPN would then not need any ports opened on the firewall.

There might be other issues to prevent that. For instance, if your firewall is doing Network Address Translation (NAT), any terminal outside the firewall will not benefit from that. So, the terminal will need a valid public IP address, not a private IP, as can be issued behind the firewall. The terminal outside the firewall will also have access to your corporate network controlled by the firewall the same as any other computer on the Internet. If the contractor needs access to both, you might consider dedicating a terminal outside the firewall just for e-mail via the VPN and let him continue his other activites from his normal locations.

This was first published in August 2001

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: