Problem solve Get help with specific problems with your technologies, process and projects.

What are the security risks of opening all the ports on an internal router?

Opening all ports between an internal employee network and a lab network is generally low-risk, though there are some things to look out for, says network security expert Mike Chapple in his response.

I run a network support team of about 300 employees. Are there any reasons why I should not just open up all the ports on the internal router so that all of my employees can communicate to my lab network? The employees and corporate servers are behind separate firewalls and isolated from the public. The lab is on its own subnet.
In this case, there's really no reason why you couldn't allow unrestricted traffic between the employee network and the lab network. The whole point of a lab network is to provide your technical staff with a sandbox where they can tinker with network devices and experiment with new technology. Go for it! Let them tinker all they like.

That said, you should definitely take action to protect your server network from the lab network. You wouldn't want to run the risk of having a rogue experimental device attempting to connect to one of your production servers. Along those same lines, it's a good idea to implement egress controls at your network border that prevent lab devices from communicating with the outside world.

More Information:

This was last published in June 2008

Dig Deeper on Network Access Control technologies

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.