Understanding Risks and Limitations of Adding Exceptions to Your Firewall

Overview

Occasionally, you may wish to add exceptions to your firewall in order to open the ports of your environment. It is important to understand the risks and limitations associated with this action as it can potentially increase the risk of a security breach, leading to unauthorized access to production.

Key points

Opening your ports is done under your own responsibility

Before proceeding with opening any access point, you should be aware that this action increases the risk of a security breach which could result in unauthorized access to production. By providing permission, you confirm that:

  1. Your organization waives any claim it may have against Engine Yard and releases Engine Yard from any damages it may suffer arising from or relating to the opening of these ports.
  2. Your organization will defend and indemnify Engine Yard from any claims, demands, liabilities, losses, damages, penalties, fines, and expenses (including reasonable attorneys’ fees) brought or claimed by a third party against Engine Yard arising from or relating to the opening of these ports.

Limitations

Networks in Engine Yard have certain characteristics that need to be taken into account when requesting a port to be opened:

  • Ports can be opened to a public IP range or another environment in Engine Yard.
  • Only environments in the same region can be used as a source. If your other environment is in a different region, you will need to use a public IP instead.
  • Firewalls are assigned to environments. This means that they will share the network configuration across all its instances.

Summary

Adding exceptions to your firewall to open ports in your environment carries certain risks and limitations. It's crucial to understand these before proceeding with such actions to ensure the security of your production environment.

FAQ

  1. What are the risks of adding exceptions to my firewall?
    Adding exceptions to your firewall increases the risk of a security breach, which could lead to unauthorized access to your production environment.
  2. What are the limitations of adding exceptions to my firewall?
    Ports can only be opened to a public IP range or another environment in Engine Yard, and only environments in the same region can be used as a source. Firewalls are assigned to environments, meaning they share the network configuration across all instances.
  3. What happens if a security breach occurs after I add exceptions to my firewall?
    By providing permission to add exceptions to your firewall, your organization waives any claim it may have against Engine Yard and releases Engine Yard from any damages it may suffer arising from or relating to the opening of these ports. Your organization will also defend and indemnify Engine Yard from any third-party claims related to the opening of these ports.

Comments

Article is closed for comments.