What Are Network Perimeter Controls?


Most organizations place their firewalls at the network’s perimeter. While there may be additional layers of network security inside an organization’s intranet, they do not count as part of the overall perimeter since only authorized personnel should have access to them. All public-facing connections (i.e., connections over which data leaves the organization) use specialized security devices such as routers, switches, or firewalls to enforce security.

Network perimeter controls are the security controls that are placed at or around a network’s perimeter. This is also referred to as “perimeter security.” They enforce access control and prevent attackers from gaining unauthorized access to critical resources (e.g., publications, financial data, personal information of employees).

Network perimeter controls are the first line of defense when it comes to security. They can be considered a single point of failure since an organization’s entire network is only as secure as its weakest perimeter control. 

These must be secured from external and internal threats, including natural disasters such as earthquakes or floods, intentional actions by rogue employees, and hackers who bypass network access controls to gain unauthorized access to critical systems or data. It is vital that any organization ensures that no unauthorized changes occur on its connected network devices (e.g., routers, switches), either intentionally or accidentally.
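One way to catch unauthorized changes on a perimeter device is to compare its current configuration with an approved baseline. The following is an added example, not part of the original article; the configuration text, host name and the rule that lines starting with "!" are volatile comments are constructed assumptions.

```python
import difflib
import hashlib
import re

# Comment/timestamp lines change on every export and are ignored (assumed format).
VOLATILE = re.compile(r"^\s*!")

# Constructed samples: the approved baseline and what the device runs now.
BASELINE = """\
! exported 2024-01-01
hostname edge-rtr-01
access-list 101 permit tcp any host 203.0.113.10 eq 443
access-list 101 deny ip any any
"""
RUNNING = """\
! exported 2024-02-01
hostname edge-rtr-01
access-list 101 permit tcp any host 203.0.113.10 eq 443
access-list 101 permit ip any any
"""

def normalize(config_text):
    """Drop blank and volatile lines and trailing whitespace before comparing."""
    return [line.rstrip() for line in config_text.splitlines()
            if line.strip() and not VOLATILE.match(line)]

def fingerprint(config_text):
    """Stable SHA-256 over the normalized configuration."""
    return hashlib.sha256("\n".join(normalize(config_text)).encode()).hexdigest()

def detect_drift(baseline, running):
    """Return (changed, added_lines, removed_lines) relative to the baseline."""
    if fingerprint(baseline) == fingerprint(running):
        return False, [], []
    added, removed = [], []
    for entry in difflib.ndiff(normalize(baseline), normalize(running)):
        if entry.startswith("+ "):
            added.append(entry[2:])
        elif entry.startswith("- "):
            removed.append(entry[2:])
    return True, added, removed

if __name__ == "__main__":
    changed, added, removed = detect_drift(BASELINE, RUNNING)
    print("drift detected:", changed)
    for line in removed:
        print("  removed:", line)
    for line in added:
        print("  added:  ", line)
```

In the sample, the final deny rule has been replaced by a permit-all rule, which is exactly the kind of change that should raise an alert and be traced to an approved change request.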

What Threats Does Network Perimeter Control Face?

A significant threat to deployed perimeters comes from compromised system configurations, which allow attackers to set up “shadow” devices within the network. This is often done using “sniffers” to capture unencrypted data and passwords sent across the web for connecting other peripheral devices such as printers, faxes, or even computers that may lack adequate information security controls. 

Once attackers have access to a device on the internal network perimeter, they can use this foothold to deploy additional attacks against other connected resources.

Examples Of Network Perimeter Controls

Firewall 

Network firewalls filter inbound and outbound traffic based on a set of rules defined by a system administrator. They are mainly used in networks to help protect them from unauthorized access from external users while allowing authorized traffic into or out of the network. 

These typically sit at the edge between two network segments and may be used to separate a public network (such as the Internet) from a private one, such as an organization’s intranet. Firewalls can also be found on stand-alone systems that require higher security than an operating system because they host sensitive or valuable data. Today firewalls commonly support deep packet inspection and other advanced features.
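The rule-based filtering described above can be sketched as follows. This is an added example, not part of the original article; it assumes first-match-wins ordering with an implicit default deny, and the rule set and addresses are constructed. It also reports rules that an earlier rule fully covers, a common source of firewall misconfiguration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    direction: str         # "in" (toward the intranet) or "out"
    src: str               # source CIDR
    dst: str               # destination CIDR
    port: Optional[int]    # destination port, None = any

# Constructed rule set; addresses are documentation/private ranges.
RULES = [
    Rule("deny",  "in",  "198.51.100.0/24", "0.0.0.0/0",       None),
    Rule("allow", "in",  "0.0.0.0/0",       "203.0.113.10/32", 443),
    Rule("allow", "in",  "198.51.100.7/32", "203.0.113.10/32", 443),  # never reached
    Rule("allow", "out", "10.0.0.0/8",      "0.0.0.0/0",       443),
]

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (a.direction == b.direction
            and ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and (a.port is None or a.port == b.port))

def evaluate(rules, direction, src, dst, port):
    """First matching rule wins; anything unmatched is denied."""
    for i, r in enumerate(rules):
        if (r.direction == direction
                and ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and r.port in (None, port)):
            return r.action, i
    return "deny", None

def shadowed(rules):
    """Indexes of rules that an earlier rule fully covers, so they never fire."""
    return [j for j, b in enumerate(rules)
            if any(covers(a, b) for a in rules[:j])]

if __name__ == "__main__":
    print(evaluate(RULES, "in", "192.0.2.5", "203.0.113.10", 443))
    print(evaluate(RULES, "in", "192.0.2.5", "203.0.113.10", 22))
    print("shadowed rules:", shadowed(RULES))
```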

VPN 

A virtual private network (VPN) is a private data network that uses the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures – encryption being the most common one. VPNs allow organizations to have remote access to their networks from any location as if they were using a local area network (LAN). Businesses often use VPNs to give employees in various places access to private company networks through one central remote access server.

IDS/IPS 

Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) are network security appliances that monitor network or system activities for malicious activities or policy violations. They do this by passively watching packets traveling the network, looking for signs of known attack types stored in a signatures database. 

If an unknown attack type occurs on the network, it is flagged as suspicious and passed to another security appliance known as an NGFW (Next-Generation Firewall). Intrusion Prevention Systems take things a step further by actively taking countermeasures to block traffic coming from an attacker’s device to prevent malicious activity from taking place on a system.
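The difference between passive detection and active prevention can be shown with one signature engine run in two modes. This is an added example, not part of the original article; the signature database, addresses and payloads are constructed, and blocking a source for the rest of the run is an assumed countermeasure.

```python
import re

# Constructed signature database: name -> pattern matched against the payload.
SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./\.\./"),
    "sql-union-probe": re.compile(rb"(?i)union(?:\s|\+|%20)+select"),
}

# Constructed traffic: (source address, payload bytes).
PACKETS = [
    ("192.0.2.10", b"GET /index.html HTTP/1.1"),
    ("198.51.100.7", b"GET /../../etc/passwd HTTP/1.1"),
    ("198.51.100.7", b"GET /login HTTP/1.1"),
    ("192.0.2.10", b"GET /item?id=1+UNION+SELECT+1 HTTP/1.1"),
]

def inspect(packets, prevent=False):
    """Return (alerts, delivered).

    IDS mode (prevent=False) only records alerts; every packet is delivered.
    IPS mode (prevent=True) drops the matching packet and blocks its source,
    so later packets from that source are dropped as well.
    """
    alerts, delivered, blocked = [], [], set()
    for src, payload in packets:
        if prevent and src in blocked:
            continue                      # earlier countermeasure still in force
        hits = [name for name, pat in SIGNATURES.items() if pat.search(payload)]
        for name in hits:
            alerts.append((src, name))
        if hits and prevent:
            blocked.add(src)
            continue                      # packet never reaches the host
        delivered.append((src, payload))
    return alerts, delivered

if __name__ == "__main__":
    for mode in (False, True):
        alerts, delivered = inspect(PACKETS, prevent=mode)
        print("IPS" if mode else "IDS", "alerts:", alerts,
              "delivered:", len(delivered))
```

In IPS mode the harmless `/login` request from the blocked source is dropped too, which is why a false-positive signature costs more on an IPS than on an IDS.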

Benefits Of Network Perimeter Controls

Reduce Downtime And Data Loss 

By setting up systems to quickly recover from damage, organizations can ensure that their required operations continue without disruption, limiting the number of times employees cannot do their jobs. Taking preventative measures against disasters is critical for maintaining business continuity.

Helps Protect Privacy 

Privacy must be protected to maintain customer satisfaction, the confidentiality of proprietary information, and a competitive advantage over other companies. Laws govern how businesses should protect private information such as credit card numbers or social security numbers. 

Depending on where a company resides or does business, they must follow compliance requirements (reporting) if they handle PII (Personally Identifiable Information). Many countries require some form of privacy policy before users can give information about themselves.

Compliance 

Organizations and companies must comply with numerous regulations and policies to protect both their customers and businesses. These include: 

PCI DSS 

(Payment Card Industry Data Security Standard) which is a security standard for organizations that handle credit card data

GLBA 

(Gramm-Leach-Bliley Act) which is a set of laws protecting financial institutions as well as their clients from unfair or deceptive practices

HIPAA 

(Health Insurance Portability and Accountability Act) which protects medical records

FERPA 

(Family Educational Rights and Privacy Act) which ensures the privacy of student records such as grades or disciplinary issues

SOX 

(Sarbanes-Oxley Act) which requires all publicly traded companies to adhere to auditing processes that reduce fraud and corruption

NFPA 

(National Fire Prevention Association) which provides fire prevention guidance for businesses. Each of these laws is enforced by NIST (National Institute of Standards and Technology).

Compliance With Federal Regulations 

Network security not only benefits the business itself but also helps with complying with federal regulations such as FISMA (Federal Information Security Management Act), HSPD-12 (Homeland Security Presidential Directive 12), DoDD 8500.2 (Department of Defense policies on information assurance), CFATS (Chemical Facility Anti-Terrorism Standards), CSA (Cybersecurity Assurance).

Drawbacks Of Network Perimeter Control

Cost 

Security is a very costly service. It requires trained security professionals to monitor and respond to any attacks from unauthorized entities. These professionals have backgrounds in forensics, criminology, computer science, cybersecurity, physical security management, and other fields. This comes at a high price for the company or organization that seeks this protection.

Resistant Credentials 

Organizations must protect their credential information by using highly resistant credentials such as biometrics along with traditional passwords. Using just a password for authentication leaves open the possibility of an attacker stealing that password and gaining access to all accounts protected by that same password. Many organizations are moving toward biometric authentication, which uses unique physical characteristics (taken from or derived from the user’s body) to verify identity.

Awareness 

Successful security requires that employees understand the threats they face daily, know what actions are needed to help protect them, have confidence in their knowledge of these requirements, and follow through with them. All of this must be communicated both verbally and non-verbally (e.g., posters, symbols).

Conclusion

Using a combination of Compliance, Federal Regulations, and Resistant Credentials, organizations can improve their network security by implementing security procedures such as Security Awareness Training.

While it is always better to be safe than sorry, the benefits may not outweigh the cost if a business operates in a low-threat environment or has low-risk clients that do not require the same data protection as high-risk clients. Network security is a critical IT topic that can help protect online and offline information from unauthorized access within organizations and companies.

Suppose your organization does not have formal policies or guidelines concerning network security. In that case, you might consider using this guide for ideas on how to increase the level of protection you provide for your customers while maintaining compliance with any federal regulations.
