Q

Opening firewall for contractor

A contractor wants us to open our firewall so he can use our network and our Internet connection to virtual private network into his corporate network for e-mail, etc. What exposure do we have?


This is somewhat dependent of the virtual private network (VPN) and firewall being used. However, to answer this in general, you are increasing your exposure any time you have to open firewall ports. If you only need to open "outbound" connections, the risk is fairly minimal. If you also need to open inbound ports, the risk may be somewhat greater, depending upon whatever other security measures are in place.

Is it possible that the contractor can use a connection to the Internet that is outside of the firewall? Perhaps the contractor can position his connection such that his machine is between the router leading to the Internet and the corporate firewall. The VPN would then not need any ports opened on the firewall.

There might be other issues to prevent that. For instance, if your firewall is doing Network Address Translation (NAT), any terminal outside the firewall will not benefit from that. So, the terminal will need a valid public IP address, not a private IP, as can be issued behind the firewall. The terminal outside the firewall will also have access to your corporate network controlled by the firewall the same as any other computer on the Internet. If the contractor needs access to both, you might consider dedicating a terminal outside the firewall just for e-mail via the VPN and let him continue his other activites from his normal locations.


This was first published in August 2001

Dig deeper on Security Resources

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close