Ask the Expert

What are the security risks of opening all the ports on an internal router?

I run a network support team of about 300 employees. Are there any reasons why I should not just open up all the ports on the internal router so that all of my employees can communicate to my lab network? The employees and corporate servers are behind separate firewalls and isolated from the public. The lab is on its own subnet.

    Requires Free Membership to View

In this case, there's really no reason why you couldn't allow unrestricted traffic between the employee network and the lab network. The whole point of a lab network is to provide your technical staff with a sandbox where they can tinker with network devices and experiment with new technology. Go for it! Let them tinker all they like.

That said, you should definitely take action to protect your server network from the lab network. You wouldn't want to run the risk of having a rogue experimental device attempting to connect to one of your production servers. Along those same lines, it's a good idea to implement egress controls at your network border that prevent lab devices from communicating with the outside world.

More Information:

This was first published in June 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: