Perimeter Defences

Within organisations, large amounts of data are collected and stored in internal networks. These internal networks must be protected, and perimeter defences are the barrier controlling what gets into and out of them. Network perimeters provide a secure boundary between the private internal network and the public network, such as the internet.

There are a few ways in which we can secure our network perimeters. Seen as the first line of defence against cyber attack, firewalls protect networks by only allowing trusted traffic in. Firewalls work out what is trustworthy based on a set of rules about the traffic type and its source or destination. Allowing in only trusted traffic reduces the risk of cyber attack by protecting the internal network from potentially harmful data. 

As well as firewalls, organisations usually deploy further perimeter defences, such as IDS or IPS. An IDS is an intrusion detection system, which detects suspicious activity and raises an alert about it. Going a step beyond detecting and alerting on potential threats, an IPS is an intrusion prevention system. An IPS works to actually defend the network automatically, without the need for human intervention. Having an IDS or IPS in place means that any suspicious traffic that has got through the firewall will then have to pass another barrier before gaining access to internal networks. This layering of safety controls is certainly the most effective approach, as it means that attackers would need to circumvent multiple controls to break through, decreasing the likelihood of a successful attack.
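The firewall rule matching and the firewall-then-IDS/IPS layering described above can be modelled in a few lines. This is an added example, not part of the original article: the rule set, address ranges, signatures and function names are constructed for illustration, and it assumes first-match rule ordering with a default deny.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str       # traffic type: "tcp" or "udp"
    src: str         # source IP address
    dst_port: int    # destination port
    payload: bytes

@dataclass(frozen=True)
class Rule:
    action: str                # "allow" or "deny"
    proto: str                 # "tcp", "udp" or "any"
    src_net: str               # source network in CIDR form
    dst_port: Optional[int]    # None matches any port

# Constructed rule set using documentation address ranges (RFC 5737).
RULES = [
    Rule("deny", "any", "203.0.113.0/24", None),   # untrusted source range
    Rule("allow", "tcp", "0.0.0.0/0", 443),        # public HTTPS
    Rule("allow", "tcp", "198.51.100.0/24", 22),   # SSH from one partner range
]

# Constructed payload markers standing in for IDS/IPS signatures.
SIGNATURES = [b"../../", b"<script>"]

def firewall(pkt, rules=RULES):
    """Assumed policy: first matching rule wins, unmatched traffic is denied."""
    src = ipaddress.ip_address(pkt.src)
    for r in rules:
        if r.proto not in ("any", pkt.proto):
            continue
        if src not in ipaddress.ip_network(r.src_net):
            continue
        if r.dst_port is not None and r.dst_port != pkt.dst_port:
            continue
        return r.action
    return "deny"

def perimeter(pkt, mode="ids"):
    """Return (verdict, alerts) after the firewall and inspection layers."""
    if firewall(pkt) == "deny":
        return "dropped-by-firewall", []
    alerts = [s for s in SIGNATURES if s in pkt.payload]
    if alerts and mode == "ips":
        return "dropped-by-ips", alerts   # IPS blocks without human action
    return "delivered", alerts            # IDS only raises the alert
```

Traffic that the firewall allows on port 443 but that carries a flagged payload is delivered with an alert in IDS mode and dropped in IPS mode, which is the second barrier the paragraph describes.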

While these measures are still necessary today, it is clear that the network perimeter is changing and there is now a blurring of the boundary itself. The increase in internet use and reliance on cloud computing has meant that those within organisations access their applications and information via the internet instead of the protected internal network of an organisation. Therefore, staff are accessing the internal data of their organisation from any location or device. With this in mind, security efforts must be maximised in terms of identity. If data can be accessed anywhere at any time, the protection of data lies in who is able to log in to the cloud. To gain access to work accounts, multi-factor authentication should be essential, as should managing levels of access across employees.

Once access has been gained to the internal networks or the organisation’s cloud, other defences must be in place to offer further protection from malicious actors.