1

Is there a security risk in using the same firewall hardware as the company perimeter firewall device (providing multi-tenancy) which is already shared by other companies? Is there a possibility of our firewall tenant being affected if some other company gets an attack like DDoS, even though multi-tenancy is in practice?

Thanks

user145935

1 Answer

1

First and foremost, nomenclature.

https://www.threatanalysis.com/2010/05/03/threat-vulnerability-risk-commonly-mixed-up-terms/

The 'risk' can only be determined if there is a vulnerability within this shared infrastructure situation you describe. There is almost always a vulnerability (I said "almost" because in InfoSec it is usually unwise to deal in absolutes) in a system. Humans are imperfect, and we make the systems.

But let me step back and not nitpick; yes, if your service provider uses a single firewall system and all customers share that system, there is an implicit sharing of any vulnerabilities. Even with configurations that mitigate the effects of traffic between tenants, the firewall is a single point of failure and a shared resource. Anything that affects the firewall and a single tenant must have some impact on the others, even if well managed and mitigated.

0xSheepdog
  • 1
    To wit: "Customer A: I need port 1234 opened!" -> Now 1234 is allowed into the internal network, even if all other customers don't want it. – Mike Caron Apr 17 '17 at 17:30