Ask the Expert

What are the security risks of opening all the ports on an internal router?

I run a network support team of about 300 employees. Are there any reasons why I should not just open up all the ports on the internal router so that all of my employees can communicate to my lab network? The employees and corporate servers are behind separate firewalls and isolated from the public. The lab is on its own subnet.

    Requires Free Membership to View

In this case, there's really no reason why you couldn't allow unrestricted traffic between the employee network and the lab network. The whole point of a lab network is to provide your technical staff with a sandbox where they can tinker with network devices and experiment with new technology. Go for it! Let them tinker all they like.

That said, you should definitely take action to protect your server network from the lab network. You wouldn't want to run the risk of having a rogue experimental device attempting to connect to one of your production servers. Along those same lines, it's a good idea to implement egress controls at your network border that prevent lab devices from communicating with the outside world.

More Information:

This was first published in June 2008

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.