life014542

Reasons not to give OUTSIDERS access to your firewall

This morning an outside company that works with my company requested to bypass our firewall to access a few systems that they are working on for a project. I'm looking to compile a list of reasons why I should NOT allow this outside company to access our firewall.

1. Lack of internal security measures.
2. Don't trust them
3. This is my only source of security measure
4. Have more than enough vulnerabilities

Can anyone give me some more good reasons why I should not allow this?

Thank you so much,
Movax

Well, if you don't trust them, that seems to be a good enough reason.
ASKER CERTIFIED SOLUTION
antimith

This solution is only available to members.

>  requesting to bypass our firewall
> Reasons not to give OUTSIDERS access to your firewall

I am not sure of the question. These are different.

1) Letting them bypass also lets the worms, viruses, bandwidth chokers, and script kiddies in and out. Not Good :-(

2) Giving them access lets them kill time at your company's expense reviewing all security options, so they can first complain that you have not done a complete job; at the same time, they can make more security holes and exploit every hole they can to prove to management that they are needed, and in fact, should be paid more than ever. Get resume ready. Not Good :-(

Are your systems in the DMZ?  If so, you should be able to give them access (if you're forced to) without compromising security on your internal network.  If you don't have a DMZ set up, this would be a good opportunity to do so.

Maybe a good question would be why do they want to bypass the firewall, why can they not get to what they want using the firewall?

Another good thing is do you have to support them and their connection to systems you have no control over... Letting them access it is one thing, but if they have a problem you're on the hook for further support.

So another good reason is labor: is your boss willing to allow you all the time necessary for follow-up support?

Les Moore

The reasons not to permit it are many. So are the solutions.
First and foremost, as already mentioned, create a written policy that is enforceable. If you permit someone into your network and you do not give them explicit instructions on what they are/are not permitted to do while accessing your network, then you open yourself up to litigation if they use your network as a jumping off point to launch an attack against another network.

One technical solution: install a VPN solution so that they enter your network via secure VPN where you control all the options, i.e. access-lists for what they can/can't access, routes, Internet access, enforce personal firewall, enforce Anti-virus, and then have an audit trail for everything they touched while connected. Cisco has products for all of this.
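
The access-list and audit-trail controls named in the VPN suggestion above, sketched as an added example (not part of the original thread and not any vendor's product). The VPN address pool, allowed destinations, log format, and user names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed policy: the vendor VPN pool and the only (network, port) pairs it may reach.
VENDOR_POOL = ipaddress.ip_network("10.99.0.0/24")
ALLOWED = [
    (ipaddress.ip_network("192.168.50.10/32"), 443),
    (ipaddress.ip_network("192.168.50.11/32"), 22),
]

# Constructed sample log, one flow per line: timestamp user src dst dport
SAMPLE_LOG = """\
2024-01-15T09:02:11 vendor_a 10.99.0.5 192.168.50.10 443
2024-01-15T09:05:40 vendor_a 10.99.0.5 192.168.50.11 22
2024-01-15T09:07:02 vendor_a 10.99.0.5 192.168.10.20 445
2024-01-15T09:09:30 vendor_b 10.99.0.6 8.8.8.8 53
2024-01-15T09:10:00 staff_c 10.1.0.7 192.168.10.20 445
not a log line
"""

def permitted(dst, port):
    """Default deny: a flow passes only if it matches an allow entry."""
    return any(dst in net and port == p for net, p in ALLOWED)

def audit(log_text):
    """Return (trail, violations, rejects) covering vendor-pool sessions only."""
    trail, violations, rejects = defaultdict(list), [], []
    for line in log_text.splitlines():
        try:
            ts, user, src, dst, port = line.split()
            src = ipaddress.ip_address(src)
            dst = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            rejects.append(line)  # keep unparsable lines for review, never drop silently
            continue
        if src not in VENDOR_POOL:
            continue              # not a vendor session
        verdict = "ALLOW" if permitted(dst, port) else "DENY"
        trail[user].append((ts, str(dst), port, verdict))  # per-user audit trail
        if verdict == "DENY":
            violations.append((ts, user, str(dst), port))
    return dict(trail), violations, rejects

if __name__ == "__main__":
    trail, violations, rejects = audit(SAMPLE_LOG)
    for v in violations:
        print("out of scope:", *v)
```
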

Big ditto to:

rrhunt28> why can they not get to what they want using the firewall?

lrmoore>  have an audit trail for everything they touch..

Sounds rather suspicious, don't it? Why do they act like university freshies who want to do other than the work they are supposed to perform?