

Reasons not to give OUTSIDERS access to your firewall

Posted on 2003-03-10
Medium Priority
Last Modified: 2013-11-16
This morning an outside company that works with my company requested to bypass our firewall to access a few systems that they are working on for a project. I'm looking to compile a list of reasons why I should NOT allow this outside company to access our firewall.

1. Lack of internal security measures.
2. Don't trust them
3. This is my only source of security measure
4. Have more than enough vulnerabilities

Can anyone give me some more good reasons why I should not allow this?

Thank you so much,
Question by:life014542

Expert Comment

ID: 8104172
Well, if you don't trust them, that seems to be a good enough reason.

Accepted Solution

antimith earned 80 total points
ID: 8104234
Hurry up and make a formal security policy that forbids it. Haha, head on over to securityfocus.com, they've got some guides to write a good security policy, but you can just skim them and fake it.

When you meet with them or whatever about it, just hand them a hard copy of your security policy and you're free. They can't argue with official documents, can they? It's 'out of your hands'.

Added to your reasons:

It's against our security policy.
Would be against the better judgment of our staff, who suggest you find another method. (Another thing that kinda depersonalizes it.)
A random guy on experts-exchange, probably along with a lot of other people, thinks it would be dumb security-wise. They should find another method or pay to have you upgrade your own setup.

Add to that, conditions to do so:

They foot the bill for a few extra things. i.e. A few new VPN routers and several hours of auditing by a leading security team. A few cases of beer, a new mini fridge, strippers, and the odd T1 subscription for a couple of months to counteract the bandwidth loss due to their network use.
LVL 24

Expert Comment

ID: 8104310
>  requesting to bypass our firewall
> Reasons not to give OUTSIDERS access to your firewall

I am not sure of the question. These are different.

1) Letting them bypass also lets the worms, viruses, bandwidth chokers and script kiddies in and out. Not Good :-(

2) Giving them access lets them kill time at your company's expense reviewing all security options, so they can first complain that you have not done a complete job; at the same time, they can make more security holes and exploit every hole they can to prove to management that they are needed, and in fact should be paid more than ever. Get resume ready. Not Good :-(


Expert Comment

ID: 8104528
Are your systems in the DMZ?  If so, you should be able to give them access (if you're forced to) without compromising security on your internal network.  If you don't have a DMZ set up, this would be a good opportunity to do so.

Expert Comment

ID: 8104552
Maybe a good question would be why do they want to bypass the firewall, why can they not get to what they want using the firewall?

Expert Comment

ID: 8105712
another good thing is do you have to support them and their connection to systems you have no control over...letting them access it is one thing, but if they have a problem you're on the hook for further support.

so another good reason is labor- is your boss willing to allow you all the time necessary for follow up support?
LVL 79

Expert Comment

ID: 8106215
The reasons not to permit it are many. So are the solutions.
First and foremost, as already mentioned, create a written policy that is enforceable. If you permit someone into your network and you do not give them explicit instructions on what they are/are not permitted to do while accessing your network, then you open yourself up to litigation if they use your network as a jumping off point to launch an attack against another network.

One technical solution: install a VPN solution so that they enter your network via secure VPN where you control all the options, i.e. access-lists for what they can/can't access, routes, Internet access, enforce personal firewall, enforce Anti-virus, and then have an audit trail for everything they touched while connected. Cisco has products for all of this.
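
Added example, not part of the thread or any poster's code: a sketch of the access-list plus audit-trail idea from the comment above, as a first-match allowlist with an implicit deny that records every connection attempt from the vendor's VPN address pool. The address pool, project hosts, user names and flow records are constructed assumptions.

```python
import ipaddress

# Constructed values (assumptions, not from the thread): vendor VPN pool and project hosts.
VENDOR_POOL = ipaddress.ip_network("10.99.0.0/28")
# Ordered rules: (action, destination network, protocol, port). First match wins.
VENDOR_ACL = [
    ("permit", ipaddress.ip_network("192.168.50.10/32"), "tcp", 22),
    ("permit", ipaddress.ip_network("192.168.50.11/32"), "tcp", 443),
]

def evaluate(src, dst, proto, port):
    """Return (action, rule_index); anything unmatched hits the implicit deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in VENDOR_POOL:
        return ("deny", None)  # this ACL only serves the vendor pool
    for i, (action, net, r_proto, r_port) in enumerate(VENDOR_ACL):
        if dst_ip in net and proto == r_proto and port == r_port:
            return (action, i)
    return ("deny", None)

def audit(flows):
    """Build one audit record per connection attempt, permitted or not."""
    trail = []
    for ts, user, src, dst, proto, port in flows:
        action, rule = evaluate(src, dst, proto, port)
        trail.append({"time": ts, "user": user, "src": src, "dst": dst,
                      "service": f"{proto}/{port}", "action": action, "rule": rule})
    return trail

def out_of_scope(trail):
    """Denied attempts per user: the part of the trail worth reviewing first."""
    denied = {}
    for rec in trail:
        if rec["action"] == "deny":
            denied.setdefault(rec["user"], []).append(f'{rec["dst"]} {rec["service"]}')
    return denied

# Constructed sample flows as a VPN gateway might report them (not real log data).
SAMPLE_FLOWS = [
    ("2003-03-10T09:01:12", "vendor-a", "10.99.0.3", "192.168.50.10", "tcp", 22),
    ("2003-03-10T09:04:40", "vendor-a", "10.99.0.3", "192.168.50.11", "tcp", 443),
    ("2003-03-10T09:07:05", "vendor-a", "10.99.0.3", "192.168.10.5", "tcp", 445),
    ("2003-03-10T09:09:31", "vendor-b", "10.99.0.4", "192.168.50.10", "tcp", 3389),
]

if __name__ == "__main__":
    for rec in audit(SAMPLE_FLOWS):
        print(rec)
    print(out_of_scope(audit(SAMPLE_FLOWS)))
```

Because denied attempts are logged alongside permitted ones, the trail shows both what the vendor touched and what they tried to reach outside the agreed project hosts.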
LVL 24

Expert Comment

ID: 8206514
big ditto to:

rrhunt28> why can they not get to what they want using the firewall?

lrmoore>  have an audit trail for everything they touch..

Sounds rather suspicious, don't it? Why they act like university freshies who want to do other than the work they are supposed to perform?

Expert Comment

ID: 9153183
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.

Question has a verified solution.