Security 101 :: Perimeter Security :: What, Why and How
In this writeup, we will explore what the first layer of defence for an enterprise network is when viewed from the outside, how this layer protects against threats, and why it matters to you as an enterprise customer.
The “What”, “Why” and “How”
What?
Perimeter security is an essential component of an enterprise. It is the first layer of defense against external attacks and the last opportunity to prevent information from leaving corporate control. Where it was once well-established and fairly static, the corporate network perimeter is now undergoing significant expansion due to the variety and volume of devices demanding access.
How does Perimeter Security Work?
The perimeter security layer is traditionally implemented through multiple devices that comprise a perimeter firewall. A perimeter firewall sits between internal (e.g., enterprise) and external (e.g., Internet) networks, blocking undesired traffic flows. It is also the first contact for many external threats to the network. It serves as a gatekeeper to intrusion and is implemented through both hardware and software.
Why is Perimeter Security Important?
Employee-owned systems and IoT devices offer a broad landscape for the introduction of malware and active intrusion by cybercriminals and government actors. As the complex nature and volume of cyber threats continue to increase, advanced perimeter solutions offer capabilities that adapt to defend against new or previously undetected attacks.
An On-Premises perimeter layer may include:
- Border Router: Border routers sit at the edge of the corporate network and are usually separate from the routers responsible for internal traffic. They move traffic into and out of the enterprise as well as manage peering relationships with service providers. Border routers can hide the internal network architecture, blackhole traffic to/from specific networks, and filter flows based on a variety of parameters.
- Proxy Service: Proxy servers are positioned between internal and external networks to act as intermediaries between the users and resources. When an inside end-user initiates a connection to an external resource, the proxy server will locally process (i.e., terminate) the connection, then establish its own connection directly to the external system. This prevents direct, unsupervised packet transfer between internal and external systems. There are many types of proxy servers, such as forward, reverse, and transparent proxies.
- IDS/IPS/AV: Active monitoring of traffic through intrusion detection (IDS), intrusion prevention (IPS), and antivirus (AV) systems provides real-time threat detection and remediation. These systems monitor flows crossing the perimeter and seek to identify patterns and signatures that indicate malicious intent. They can respond with a notification to the Security Operations Center (SOC), actively block traffic deemed dangerous, or remove problematic data/code from packet flows.
- Demilitarized Zone: A Demilitarized Zone (DMZ) provides a heightened layer of security by creating a network environment to perform additional traffic inspection and processing. Logically they sit outside the enterprise perimeter and have additional security capabilities between them and external networks. DMZs offer a location for support services that directly interact with external users and require enhanced protection against attack; DNS, mail, and FTP servers are common examples.
- DLP: Data Loss Prevention (DLP) tools guard against the accidental or intentional release of protected information by preventing sensitive communication and data from leaving the corporate environment. Similar to IDS/IPS systems, they inspect and analyze traffic flows to identify patterns (e.g., social security numbers, credit card details), keywords (e.g., project codenames, PII medical data), or other defined parameters of concern. DLP technologies provide content awareness either through integration into existing infrastructure components such as mail and web gateways, or by being packaged as independent, robust, fully-featured enterprise solutions.
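To make the division of labour between the border router, the IDS and the DLP tool concrete, here is a small policy engine, added as an illustration for this writeup (it is not the code of any vendor or product). It applies the three checks in the order a flow would meet them at the perimeter: a border-router style drop for blackholed prefixes, an IDS style signature match on the payload, and a DLP style scan of outbound payloads for an SSN pattern, a Luhn-valid card number and a project codename. The internal range, the blackholed prefix, the signatures, the codename and the sample flows are all constructed for the example; the addresses come from the RFC 5737 documentation ranges, not from any real incident.

```python
"""Toy perimeter policy engine (added illustration; not a vendor's code).

Models three of the controls listed above as ordered checks over a flow:
  1. border-router style prefix filtering (blackholed networks),
  2. IDS style signature matching on the payload,
  3. DLP style inspection of outbound payloads for protected data.
All prefixes, signatures, keywords and sample flows are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed policy data (assumptions for the example, not real IoCs).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
BLACKHOLED = [ipaddress.ip_network("198.51.100.0/24")]   # RFC 5737 range
IDS_SIGNATURES = {
    "sqli-union-select": re.compile(rb"union\s+select", re.IGNORECASE),
    "path-traversal": re.compile(rb"\.\./\.\./"),
}
DLP_KEYWORDS = ("PROJECT-FALCON",)                        # constructed codename
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")           # 13-16 digits, spaces/dashes allowed


@dataclass
class Flow:
    src: str
    dst: str
    payload: bytes


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, so random digit runs are not reported as card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def is_outbound(flow: Flow) -> bool:
    """Outbound means: inside source, outside destination."""
    return (ipaddress.ip_address(flow.src) in INTERNAL_NET
            and ipaddress.ip_address(flow.dst) not in INTERNAL_NET)


def border_filter(flow: Flow):
    """Border-router ACL: drop anything to or from a blackholed prefix."""
    for net in BLACKHOLED:
        for addr in (flow.src, flow.dst):
            if ipaddress.ip_address(addr) in net:
                return f"blackholed prefix {net}"
    return None


def ids_match(flow: Flow):
    """IDS: first signature that matches the raw payload, in either direction."""
    for name, pat in IDS_SIGNATURES.items():
        if pat.search(flow.payload):
            return f"signature {name}"
    return None


def dlp_findings(text: str) -> list:
    """DLP: content findings in a decoded outbound payload."""
    findings = []
    if SSN_RE.search(text):
        findings.append("ssn")
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_valid(digits):
            findings.append("card")
            break
    for kw in DLP_KEYWORDS:
        if kw in text:
            findings.append(f"keyword:{kw}")
    return findings


def inspect(flow: Flow) -> tuple:
    """Apply the perimeter checks in order and return (verdict, reason)."""
    reason = border_filter(flow)
    if reason:
        return ("DROP", reason)
    reason = ids_match(flow)
    if reason:
        return ("BLOCK", reason)
    if is_outbound(flow):                     # DLP only cares about data leaving
        found = dlp_findings(flow.payload.decode("utf-8", errors="replace"))
        if found:
            return ("BLOCK", "dlp:" + ",".join(found))
    return ("ALLOW", "no policy match")


if __name__ == "__main__":
    samples = [
        Flow("10.1.2.3", "198.51.100.7", b"GET / HTTP/1.1"),
        Flow("203.0.113.5", "10.0.0.80", b"GET /?id=1 UNION SELECT 1,2 HTTP/1.1"),
        Flow("10.1.2.3", "203.0.113.9", b"card 4111 1111 1111 1111 ssn 123-45-6789"),
        Flow("10.1.2.3", "203.0.113.9", b"ref 1234 5678 9012 3456"),
    ]
    for f in samples:
        print(f.src, "->", f.dst, inspect(f))
```

The ordering matters: the cheap prefix drop runs before any payload parsing, the IDS signatures run on traffic in both directions, and the DLP scan only examines flows that leave the internal range, which is why an inbound packet containing an SSN-shaped string is not a DLP event. The Luhn check is the kind of false-positive control a real DLP rule needs: the fourth sample flow carries sixteen digits in card format but fails the checksum and is allowed through.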
#security #perimeter #cybersecurity #network #Border Router #DLP #IPS #IDS #proxy #DMZ #Trust #firewall #enterprise