“Hardware is easy to protect: lock it
in a room, chain it to a desk, or buy a spare. Information poses more of a
problem. It can exist in more than one place, be transported halfway across the
planet in seconds, and be stolen without your knowledge.” — Bruce Schneier
Image retrieved from v3.co.uk
The perimeter of the network is the part that touches the outside world. Therefore, it is essential to strengthen defenses along the edges of the network to promote comprehensive protection. The perimeter is the network's border where data flows in from, and out to, other networks, including the Internet. Perimeter defense allows authorized data to enter while blocking suspicious traffic, and it is handled by several different components, outlined below.
1. Border Router
The border router is the last controllable router before an untrusted or external network, e.g. the Internet. Since all Internet traffic passes through the border router, it is a practical place for filtering. It is the first and last line of defense.
2. Demilitarized Zone (DMZ)
A DMZ is a small network that provides public services with low security. It is a neutral area that is created outside the firewall between a company’s network and an external network, e.g. the Internet. Web servers, for example, would not be protected by firewall because of the traffic it generates or that needs less protection.
3. Firewall
A firewall is a chokepoint device that decides which traffic is permitted and which is denied. For perimeter defense, firewalls are available as software (installed inside a router) or as standalone hardware appliances. A firewall can provide services such as the following:
-Stateful packet inspection – analyzes transactions to ensure inbound packets were requested
-Packet filtering – blocks data from specified IP addresses and ports
-Network Address Translation (NAT) – presents a single IP address representing multiple internal IP addresses to the outside world.
4. Intrusion Detection System (IDS)
An IDS is an alarm system that detects malicious and suspicious activities by analyzing network traffic. If something unusual is detected, the IDS alerts the network administrator to take action to stop the event. A network-based intrusion detection system is referred to as a NIDS.
5. Intrusion Prevention System (IPS)
An IPS is similar to an IDS, except that the IPS takes automatic and immediate defensive action without requiring action by the network administrator.
6. Virtual Private Network (VPN)
A VPN provides perimeter security by encrypting the data sent between a business network and remote users over the Internet. This creates a private tunnel through the Internet.
Perimeter defense measures are designed to fortify the network boundary. While the components listed above do not constitute an exhaustive list, they give us an idea of what is required for perimeter security. Once again, it is easy to see how this layer is actually layers within a layer. These different technologies work in unison to create a protective barrier.
Next time, we will discuss the internal network layer.
Thanks for reading!
Jen
Thanks for sharing these detailed posts on network security!
ReplyDeleteThey're quite valuable
Web Developer Melbourne
Information Security - Information security is systems designed to protect the privacy, reliability, and availability of data from people who are trying to access the data illegally. There are different types of information technology that are application security covers vulnerabilities in mobile applications and on the web. Cloud security secures information in the cloud environment. Cryptography encrypts data in transit to ensure data confidentiality and integrity. Infrastructure security ensures internal and external security. The three principles governing information technology are confidentiality, integrity, and availability. These principles are called the CIA triad of information security.
ReplyDeleteJackpot City Casino 🎖️ $25 No Deposit Bonus
ReplyDeleteJackpot City Casino 1xbet korean ™ Bonus & Free Spins › Review › Casino › Review Jackpot City is a very reputable and reputable online casino that has an array of games from Microgaming, worrione Microgaming and Microgaming. Rating: 4.2 Review by Canadian 인카지노 Gambling Site