A network perimeter firewall is a secured boundary between a private network and public networks, such as the internet. The firewall inspects the traffic crossing that boundary and protects the private network against unwanted traffic, potentially dangerous code, and intrusion attempts.
A network perimeter may include:
- Border Routers are the last routers under the organization's control before the untrusted outside networks; they direct traffic into, out of, and within the network.
- Firewalls act as gatekeepers, following specific rules to allow or deny specific traffic into or out of the internal network.
- Intrusion Detection Systems (IDS) serve as an alarm system, signaling when suspicious activity has been detected; an IDS observes traffic but does not block it.
- Intrusion Prevention Systems (IPS) serve as an alarm and response system: placed inline, an IPS can drop or reset the traffic of a detected attack automatically.
- Demilitarized Zones (DMZs) or Screened Subnets add a security layer between untrusted networks and the internal network. Public-facing servers are placed in the perimeter network, and screening routers or firewalls separate the external network from the perimeter network and the perimeter network from the internal network, so a compromised public server has no direct path to internal hosts.
Firewalls are gatekeepers, either software or hardware, positioned between a company's network and the external untrusted networks. They control traffic flow by employing one or more of several methods:
- Static Packet Filtering: Static packet filtering examines each packet in isolation and allows or denies it based on header fields: source and destination IP address, protocol, and port numbers. Because it keeps no record of connections, it cannot tell a legitimate reply from an unsolicited packet. Larger organizations commonly use it to block traffic to banned destinations by address (e.g., social-media sites), although blocking by URL is better done with a proxy.
- Proxy Services: A firewall proxy stands between the internal network and external networks such as the internet. The proxy terminates the requester's connection and opens a separate connection to the resource on its behalf, so no packet passes directly from one side of the firewall to the other; external hosts see only the proxy's address, which makes it harder for intruders to learn the internal network layout from packet information.
- Stateful Inspection: The most common firewall method, stateful inspection records outgoing connections in a state table and allows inbound traffic only when it belongs to a connection that an internal host initiated. Unsolicited inbound packets are dropped, which defeats most port scans of internal hosts from outside. It does not by itself stop IP spoofing; that requires ingress filtering, dropping packets that arrive from outside with an internal source address.
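The following toy firewall engine, added here as an example and not code from the original page or any firewall vendor, models the static packet filter and stateful inspection methods just described, and expresses the screened-subnet layout from the component list above as zone-to-zone rules. The addresses, zones and rules are constructed for the example. It shows why statefulness matters: a stateless filter can only let replies back in by accepting any outside packet with the ACK bit set, and that same rule lets an unsolicited ACK probe of an internal host through; the stateful version drops it because no tracked connection matches.

```python
"""Toy model of a perimeter firewall: static packet filtering, stateful
connection tracking, and a screened subnet (DMZ) as zone-to-zone rules.
All addresses and rules are constructed for this example."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False   # TCP SYN flag set
    ack: bool = False   # TCP ACK flag set


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src_zone: str
    dst_zone: str
    dport: Optional[int] = None  # None matches any destination port
    ack_set: bool = False        # stateless "established" approximation: only match if ACK is set

    def matches(self, pkt: Packet, src_zone: str, dst_zone: str) -> bool:
        return (self.src_zone == src_zone and self.dst_zone == dst_zone
                and (self.dport is None or self.dport == pkt.dport)
                and (not self.ack_set or pkt.ack))


# Constructed zones: internal LAN and a DMZ; any other address is external.
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/24"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


class Firewall:
    def __init__(self, rules, stateful: bool):
        self.rules = rules
        self.stateful = stateful
        self.sessions = set()  # 4-tuples of connections a rule allowed (stateful mode only)

    def filter(self, pkt: Packet) -> str:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Stateful inspection: packets of a tracked connection pass in either
        # direction without consulting the static rules again.
        if self.stateful and (fwd in self.sessions or rev in self.sessions):
            return "allow"
        # Static packet filter: first matching rule wins, default deny.
        src_zone, dst_zone = zone_of(pkt.src), zone_of(pkt.dst)
        for rule in self.rules:
            if rule.matches(pkt, src_zone, dst_zone):
                if rule.action == "allow" and self.stateful and pkt.syn and not pkt.ack:
                    self.sessions.add(fwd)  # remember the newly opened connection
                return rule.action
        return "deny"


# Screened-subnet policy shared by both firewalls (hypothetical).
COMMON_RULES = [
    Rule("allow", "internal", "external"),        # LAN hosts may reach the internet
    Rule("allow", "external", "dmz", dport=443),  # public web server lives in the DMZ
    Rule("deny", "dmz", "internal"),              # a compromised DMZ host cannot reach the LAN
]


def stateless_firewall() -> Firewall:
    # With no memory of outbound connections, the only way to admit replies is
    # to accept any external->internal packet that merely carries the ACK bit.
    return Firewall(COMMON_RULES + [Rule("allow", "external", "internal", ack_set=True)],
                    stateful=False)


def stateful_firewall() -> Firewall:
    return Firewall(COMMON_RULES, stateful=True)


# Constructed traffic sample, in arrival order.
PACKETS = [
    Packet("10.0.0.5", "198.51.100.7", 40000, 443, syn=True),            # outbound HTTPS request
    Packet("198.51.100.7", "10.0.0.5", 443, 40000, syn=True, ack=True),  # its SYN-ACK reply
    Packet("203.0.113.9", "10.0.0.8", 55555, 22, ack=True),              # unsolicited ACK-scan probe
    Packet("203.0.113.9", "192.0.2.10", 55556, 443, syn=True),           # client reaching the DMZ web server
    Packet("192.0.2.10", "10.0.0.5", 33333, 445, syn=True),              # DMZ host trying to reach the LAN
]


def run(fw: Firewall, packets=PACKETS):
    """Return the verdict for each packet, in order, on a fresh firewall."""
    return [fw.filter(p) for p in packets]


if __name__ == "__main__":
    print("stateless:", run(stateless_firewall()))
    print("stateful: ", run(stateful_firewall()))
```

The stateless filter returns allow for the ACK-scan probe (third packet) because its "established" rule cannot distinguish a forged ACK from a real reply; the stateful filter denies it, while both correctly admit the outbound request and its reply, admit the public HTTPS connection into the DMZ, and block the DMZ host from reaching the internal network.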
Perimeter firewalls are an essential component of any network security solution. The current cyber landscape is seeing ever more sophisticated attacks, as well as advancing solutions such as the next-generation firewall (NGFW), which adds application awareness and integrated intrusion prevention to offer better protection against new and unknown threats.
Benefits of a traditional firewall include:
- Traffic Monitoring: Firewalls allow detailed monitoring and logging of both incoming and outgoing traffic. They offer detection and protection against the introduction of malicious content into the network.
- Trojan Detection and Prevention: Trojans are malicious programs disguised as legitimate files that, once run inside the network, can report its vulnerabilities to attackers or launch further attacks from within. A firewall with egress filtering can block the outbound connections a trojan needs to reach its operator, and an NGFW can additionally detect known trojan traffic.
- Stop Keyloggers: Keyloggers are spyware that record keystrokes to steal vital information, such as PIN codes and account passwords. Blocking their outbound reporting channel at the firewall limits what they can exfiltrate.
Businesses today face many risks and challenges when protecting their networks and defending against attacks. Some of the risks that must be considered when planning around a perimeter firewall are:
- Unknown Device Risk: Employees and users connect to the organization's network from external networks and from personal or mobile devices the organization does not manage, which increases the risk of penetration.
- Cloud Risk: As more and more businesses move their data and applications to infrastructure they do not own, such as hosted data warehouses, cloud computing, and SaaS, the perimeter firewall no longer encloses those assets, and policies must be adapted to the resulting risks.
- Web Services Risk: Offering or consuming web services may require opening the company's network to outside networks, for example by exposing an inbound port to the internet.