
The Importance of a Network Perimeter in Your Security


Consider the network perimeter as a wall between your internal network and the outside world. The infrastructure in the network perimeter is still a component of your environment, but it blocks the public internet from accessing your data while still allowing authorized users to pass through.

 

What is the Network Perimeter?

The components included in a network perimeter depend on your infrastructure design, business rules, and technology budget. A few components are usually included in an enterprise network perimeter:

  • Routers: Routers and switches control the flow of traffic and segment the network into logical environments. They act as the traffic control component for any network traffic and direct authorized traffic to the right network segment. For example, a router directs web page requests to the network segment hosting a business web server.
  • Firewalls: Routers and firewalls work together to determine if traffic is allowed to access a network segment. Firewalls block or allow traffic based on administrator configurations on the device, and they log traffic to determine if malicious, unauthorized traffic accesses the network.
  • Intrusion Detection System (IDS): Administrators need a way to detect when malicious traffic accesses the network or threats attempt to launch an attack against the network. An IDS alerts administrators when suspicious activity is detected so that they can review it further.
  • Intrusion Prevention System (IPS): An IDS usually works together with an IPS. An IPS is more active and works to prevent malicious traffic from accessing the network. Instead of alerting administrators of malicious unauthorized access, an IPS stops malicious activity from happening, contains it, and alerts administrators that traffic was successfully blocked.
  • Demilitarized Zone (DMZ): A DMZ is a network segment containing servers and infrastructure available to the public. It’s outside the internal network but within the perimeter. For example, a public web server hosted on-premises should be in the DMZ.

You could have one or none of these components in your network design, but it’s likely that you have at least a router and firewall. If you host all your applications and services in the cloud, then you might not have a DMZ, but the cloud provider has infrastructure for a network perimeter so that you can set up monitoring and detection with an IDS and IPS.

 

Network Perimeter vs. Network Parameter

As you design your network, you’ll see documentation refer to network perimeters and network parameters. A network perimeter is the external infrastructure used to protect the internal network from malicious activity. Network parameters are the administrator configurations and design used on network infrastructure.

The network perimeter has network parameters set when administrators configure it. For example, an administrator might configure a firewall to allow only VPN IP addresses to access the internal network. This network parameter ensures compliance of remote access and protects the network from unauthorized access. Network parameters are the administrator preferences used to configure the ways a network functions and the ways users are allowed to access data and services.

Performance and connectivity are two main focuses when administrators configure network perimeter infrastructure. Parameters control performance of servers, applications, and other network services. Connectivity and availability rely heavily on network parameters, so any changes to these parameters should be tested thoroughly.

 

When Do You Need a Network Perimeter?

Not every business needs a network perimeter. Small businesses might not need a perimeter, but the introduction of an at-home workforce requires infrastructure to protect data when employees connect from external sources. Compliance regulations require certain safeguards for remote user access, but every business should design infrastructure that builds cybersecurity into network connectivity.

A few scenarios where you should build a network perimeter:

  • Remote workers connect to internal resources using VPN
  • Public services are hosted on-premises, and users are given access to them from the internet
  • Internal applications are hosted in the cloud and accessible to at-home employees
  • API applications allow the public to query data from the internet
  • Any assets that must be available on the internet and hosted on-premises

Many businesses have a hybrid cloud environment, which means that they host some corporate resources on-premises and other resources in the cloud. Connectivity between these two environments is controlled using cloud services including Identity and Access Management (IAM). Firewalls, IPS, and IDS protect both the cloud and local network and monitor the environment for any suspicious activity.

To get started with protecting your network perimeter, see what WebTitan can do for you and your data security in a free trial.


 

How WebTitan Can Help Protect Your Network Perimeter

Every cybersecurity tool should work with the network perimeter to protect the internal network from unauthorized access. Attackers want data hosted on internal resources or data stored in the cloud. One way to access data is using malware hosted on attacker-controlled websites. Another method is to use a phishing website where employees are tricked into providing their network credentials.

Web content filters are one way to protect user devices and the network perimeter. WebTitan is a web content filter that blocks users from accessing malicious websites in their browsers. It works with a hybrid, cloud, or completely on-premises environment, allowing administrators to configure internet content access permissions even for users located remotely.

DNS-based content filtering with WebTitan blocks user browsers from loading a malicious page so that administrators don’t need to rely on antivirus to catch malware downloads. Antivirus is still necessary, but WebTitan adds a layer of security and lets antivirus software be a safety net as it’s intended to be.

A DNS-based web content filter blocks a domain when the user’s browser performs a query on nameservers. WebTitan intercepts the request and performs a lookup. If a domain is listed on a custom blacklist or it’s listed in TitanHQ’s malicious website database, the user receives a warning message, and the domain is never loaded in the browser. Administrators can view a list of sites blocked for a specific period of time and analyze if a single domain is commonly blocked. A domain consistently requested by numerous users could also mean that the business is a current target for a phishing or social engineering threat.
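The lookup-and-report flow described above, as an added Python example (not WebTitan or TitanHQ code): each queried name is checked against a blocklist on whole-label boundaries, and blocked events in a time window are grouped to surface domains requested by several distinct users. The blocklist entries, log format, function names and the three-user threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data (reserved .example names); not TitanHQ's database.
BLOCKLIST = {"login-portal.example", "malware-cdn.example"}

# Constructed resolver log: (ISO timestamp, user, queried name).
QUERY_LOG = [
    ("2024-05-01T09:00:01", "alice", "www.intranet.example"),
    ("2024-05-01T09:02:10", "alice", "Login-Portal.example."),
    ("2024-05-01T09:03:44", "bob", "sso.login-portal.example"),
    ("2024-05-01T09:05:02", "carol", "login-portal.example"),
    ("2024-05-01T09:06:30", "dave", "notlogin-portal.example"),
    ("2024-05-01T09:07:15", "bob", "malware-cdn.example"),
    ("2024-05-02T10:00:00", "erin", "login-portal.example"),
]

def normalize(qname):
    """Lower-case and drop the trailing root dot so lookups are consistent."""
    return qname.strip().rstrip(".").lower()

def blocked_by(qname, blocklist):
    """Return the blocklist entry matching qname or a parent domain, else None.

    Matching walks whole labels, so sso.login-portal.example is caught by
    login-portal.example while notlogin-portal.example is not.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def filter_queries(log, blocklist):
    """Split a query log into (allowed, blocked) event lists."""
    allowed, blocked = [], []
    for ts, user, qname in log:
        entry = blocked_by(qname, blocklist)
        (blocked if entry else allowed).append((ts, user, entry or normalize(qname)))
    return allowed, blocked

def campaign_candidates(blocked, start, end, min_users=3):
    """Blocked domains requested by >= min_users distinct users in [start, end)."""
    users = defaultdict(set)
    for ts, user, entry in blocked:
        if start <= ts < end:  # ISO-8601 strings sort chronologically
            users[entry].add(user)
    return {d: sorted(u) for d, u in users.items() if len(u) >= min_users}
```

Counting distinct users rather than raw hits keeps one machine retrying the same blocked name from looking like a campaign.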

Any business with a bring-your-own-device (BYOD) policy can also benefit from WebTitan. Users' personal devices are a risk for the business and the network perimeter, but WebTitan allows businesses to direct traffic through a malicious domain detection application regardless of the device and the applications installed on it. Administrators can’t force users to install antivirus on their personal devices, but they can protect the network using DNS-based web content filtering as users browse the internet on the business network.

Because WebTitan runs in the cloud, administrators don’t need to manually update or patch the product: it’s automatically updated in real time, and malicious domains are automatically added to blacklists.

Any suspicious behavior can be detected using WebTitan’s reporting module. Reports allow administrators and stakeholders to view user behavior and browsing habits, blocked sites, security and trends, and information about the ways WebTitan helps to protect your corporate data. WebTitan reports also tie into phishing defenses by letting administrators identify when the business could be a target for phishing.

Web content filtering is a cybersecurity layer that should be included in any environment where external access is provided to employees, contractors, vendors and other third parties. It blocks many of the common threats including ransomware, malware, phishing, and credential theft. Users are any organization’s weakest link and often lead to critical data breaches from malware and ransomware.

 
