This is somewhat dependent of the virtual private network (VPN) and firewall being used. However, to answer this in general, you are increasing your exposure any time you have to open firewall ports. If you only need to open "outbound" connections, the risk is fairly minimal. If you also need to open inbound ports, the risk may be somewhat greater, depending upon whatever other security measures are in place. Is it possible that the contractor can use a connection to the Internet that is outside of the firewall? Perhaps the contractor can position his connection such that his machine is between the router leading to the Internet and the corporate firewall. The VPN would then not need any ports opened on the firewall. There might be other issues to prevent that. For instance, if your firewall is doing Network Address Translation (NAT), any terminal outside the firewall will not benefit from that. So, the terminal will need a valid public IP address, not a private IP, as can be issued behind the firewall. The terminal outside the firewall will also have access to your corporate network controlled by the firewall the same as any other computer on the Internet. If the contractor needs access to both, you might consider dedicating a terminal outside the firewall just for e-mail via the VPN and let him continue his other activites from his normal locations.
Dig Deeper on Security Resources
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.