A network perimeter is the secured boundary between the private and locally managed side of a network, often a company’s intranet, and the public facing side of a network, often the Internet.
A network perimeter includes:
- Border Routers: Routers serve as the traffic signs of networks. They direct traffic into, out of, and throughout networks. The border router is the final router under the control of an organization before traffic appears on an untrusted network, such as the Internet.
- Firewalls: A firewall is a device that has a set of rules specifying what traffic it will allow or deny to pass through it. A firewall typically picks up where the border router leaves off and makes a much more thorough pass at filtering traffic.
- Intrusion Detection System (IDS): This functions as an alarm system for your network that is used to detect and alert on suspicious activity. This system can be built from a single device or a collection of sensors placed at strategic points in a network.
- Intrusion Prevention System (IPS): Compared to a traditional IDS which simply notifies administrators of possible threats, an IPS can attempt to automatically defend the target without the administrator's direct intervention.
- De-Militarized Zones / Screened Subnets: DMZ and screened subnet refer to small networks containing public services connected directly to and offered protection by the firewall or other filtering device.
Network Perimeter Requirements
For most modern businesses, there is no single defensible boundary between a company’s internal assets and the outside world.
- Internal users are not simply connecting from inside an organization’s building, network, or inner circle. They are connecting from external networks and using mobile devices to access internal resources.
- Data and applications are no longer housed on servers that businesses physically own, maintain, and protect. Data warehouses, cloud computing, and software as a service present immediate access and security challenges for both internal and external users.
- Web services have opened a wide door to interactions outside of normal trust boundaries. To serve multiple clients, or simply to communicate with other services, both internal and external, insecure interactions on external platforms occur all the time.
Also, individually protecting each software application, service, or asset can be quite challenging. While the concept of a “network perimeter” has meaning for certain network configurations, in today’s environment it should be treated abstractly, rather than as a specific setup.
Network Perimeter Guidelines
With this in mind, there are a few guidelines that can help to deliver a secure and modular network environment:
- Strong authentication to allow controlled access to information assets. Two factor authentication acts as an extra layer of security for logins, ensuring that attempted intrusions are halted before any damage is done.
- Hardening of mobile and IoT devices that connect to the network. Access control policies define high-level requirements that determine who may access information, and under what circumstances that information can be accessed.
- Embedded security services inside devices and applications. Embedded security solutions can help protect devices ranging from atm’s to automated manufacturing systems. Features including application whitelisting, antivirus protection, and encryption can be embedded to help protect otherwise exposed IoT devices.
- Collecting security intelligence directly from applications and their hosts. Maintaining an open communication line with cloud service providers like AWS can greatly increase security protections. Application and service managers understand how to integrate shared security with their systems better than anyone else.
The increasing reliance on an interconnected ecosystem of online devices in today's business environment has greatly increased our reliance on network security in order to prevent cyber attacks. Data is collected, collated, and interpreted on a massive scale, and it’s security is dependent on the protections that surrounds it. The concept and evolution of a network perimeter allows organizations to think effectively on how to safeguard their internal information from untrusted or malicious actors.
- Whitepaper: Comprehensive Security for the Network Perimeter and Beyond
- Whitepaper: Not all Next-Gen Firewalls are Created Equal
- Blog: And that’s why you secure your perimeter!
- Barracuda Advanced Threat Protection
How Barracuda Can Help
Barracuda CloudGen Firewalls are designed to optimize the performance and management of distributed networks and to effortlessly scale across any number of locations and applications. In this way they can provide full protection for your entire network perimeter, and maintain the same level of protection while your operation grows.
In addition, to powerful email protection, the Barracuda Email Security Gateway allows for offloading of CPU-intensive tasks like antivirus and DDoS filtering to the cloud. This provides a reduction on the processing load on the appliance and helps ensure that threats never reach your network perimeter.
Do you have more questions about Network Perimeters? Contact us today!