Network Perimeter

A network perimeter is the secured boundary between the private and locally managed side of a network, often a company’s intranet, and the public facing side of a network, often the internet.

A network perimeter includes:

• Border Routers: Routers serve as the traffic signs of networks. They direct traffic into, out of, and throughout networks. The border router is the final router under the control of an organization before traffic appears on an untrusted network, such as the Internet.
• Firewalls: A firewall is a device that has a set of rules specifying what traffic it will allow or deny to pass through it. A firewall typically picks up where the border router leaves off and makes a much more thorough pass at filtering traffic.
• Intrusion Detection System (IDS): This functions as an alarm system for your network that is used to detect and alert on suspicious activity. This system can be built from a single device or a collection of sensors placed at strategic points in a network.
• Intrusion Prevention System (IPS): Compared to a traditional IDS which simply notifies administrators of possible threats, an IPS can attempt to automatically defend the target without the administrator's direct intervention.
• De-Militarized Zones / Screened Subnets: DMZ and screened subnet refer to small networks containing public services connected directly to and offered protection by the firewall or other filtering device.

Network Perimeter requirements

For most modern businesses, there is no single defensible boundary between a company’s internal assets and the outside world.

• Internal users are not simply connecting from inside an organization’s building, network, or inner circle. They are connecting from external networks and using mobile devices to access internal resources.
• Data and applications are no longer housed on servers that businesses physically own, maintain, and protect. Data warehouses, cloud computing, and software as a service present immediate access and security challenges for both internal and external users.
• Web services have opened a wide door to interactions outside of normal trust boundaries. To serve multiple clients, or simply to communicate with other services, both internal and external, insecure interactions on external platforms occur all the time.

Also, individually protecting each software application, service, or asset can be quite challenging. While the concept of a “network perimeter” has meaning for certain network configurations, in today’s environment it should be treated abstractly, rather than as a specific setup.

Network Perimeter guidelines

With this in mind, there are a few guidelines that can help to deliver a secure and modular network environment:

• Strong authentication to allow controlled access to information assets. Two factor authentication acts as an extra layer of security for logins, ensuring that attempted intrusions are halted before any damage is done.
• Hardening of mobile and IoT devices that connect to the network. Access control policies define high-level requirements that determine who may access information, and under what circumstances that information can be accessed.
• Embedded security services inside devices and applications. Embedded security solutions can help protect devices ranging from atm’s to automated manufacturing systems. Features including application whitelisting, antivirus protection, and encryption can be embedded to help protect otherwise exposed IoT devices.
• Collecting security intelligence directly from applications and their hosts. Maintaining an open communication line with cloud service providers like AWS can greatly increase security protections. Application and service managers understand how to integrate shared security with their systems better than anyone else.

The increasing reliance on an interconnected ecosystem of online devices in today's business environment has greatly increased our reliance on network protection in order to prevent cyber attacks. Data is collected, collated, and interpreted on a massive scale, and it’s security is dependent on the protections that surrounds it. The concept and evolution of a network perimeter allows organizations to think effectively on how to safeguard their internal information from untrusted or malicious actors.