Week 2: Perimeter Network - M199205zn/Datacomm-CS3 GitHub Wiki

Perimeter Networks:

Overview

A Perimeter Network, also known as a Demilitarized Zone (DMZ), is a layer of a network that sits between an organization's internal network and an untrusted external network, typically the internet. It acts as a buffer zone to provide an extra layer of security for critical network assets. Perimeter networks are widely used to host public-facing services while protecting the internal private network from potential threats.

[Image: full network perimeter diagram]

This image illustrates a Full Network Perimeter setup, showcasing how an organization's network is structured to ensure security and controlled access to both internal and external resources.

1. Internet

The internet is represented as the external network, which connects users and external entities to the organization's network.

2. Secured VPN Tunnel

  • Purpose: A VPN (Virtual Private Network) tunnel provides a secure, encrypted connection for remote workers to access the network. It ensures confidentiality and integrity of the data transmitted over public networks.
  • Remote Worker: This section demonstrates how a remote worker with a VPN client connects to the network securely.

3. Firewall

  • Role: The firewall is a security device positioned between the external internet and the internal network. It filters incoming and outgoing traffic based on predefined security rules.
  • Functionality:
    • Blocks unauthorized access.
    • Protects internal systems from malicious traffic.
    • Enforces access policies for the DMZ and LAN.

4. DMZ (Demilitarized Zone)

  • Location: The DMZ is placed between the firewall and the internal LAN.
  • Purpose: Hosts public-facing services and devices, such as:
    • Web servers.
    • Email servers.
    • Application servers.
  • Isolation: Servers in the DMZ are isolated from the LAN to minimize risk in case of a compromise.

5. Router

  • Role: Connects the firewall, DMZ, and internal LAN.
  • Purpose: Routes traffic between different network segments while supporting additional filtering or security mechanisms.

6. IDS/IPS (Intrusion Detection/Prevention System)

  • Purpose: Monitors network traffic for suspicious activities.
    • IDS (Intrusion Detection System): Detects potential security threats or policy violations.
    • IPS (Intrusion Prevention System): Proactively blocks detected threats before they affect the LAN.

7. LAN (Local Area Network)

  • Definition: The internal, private network where the organization's core resources, such as employee devices and sensitive systems, reside.
  • Components:
    • Network Switch: Connects multiple devices within the LAN, allowing them to communicate with each other.
    • Devices: Includes laptops, workstations, and other internal systems.
  • Protection: The LAN is shielded from external access through firewalls and the DMZ.

How This Architecture Enhances Security

  1. Layered Security: Multiple layers (firewall, DMZ, IDS/IPS) ensure threats are mitigated before they reach the LAN.
  2. Controlled Access: Only specific traffic is allowed to pass between the internet, DMZ, and LAN.
  3. Remote Access Security: VPN ensures secure communication for remote workers without exposing sensitive resources.
  4. Threat Detection: IDS/IPS monitors and prevents malicious activity in real-time.

Key Advantages

  • Minimizes risk of direct attacks on internal systems.
  • Facilitates secure remote access and public-facing services.
  • Enhances monitoring and traffic control for the network.

Purpose of Perimeter Networks

  1. Isolation: Segregates external traffic from internal networks, reducing the attack surface.
  2. Security: Protects sensitive internal systems from direct exposure to external threats.
  3. Accessibility: Hosts public-facing services like web servers, email servers, or FTP servers, allowing them to communicate with external networks without compromising internal security.
  4. Traffic Control: Filters traffic, allowing only specific types of communication between the internal network, perimeter network, and external sources.

Key Components in a Perimeter Network

  1. Firewalls:

    • A firewall is placed at the entry and exit points of the perimeter network to control and monitor traffic.
    • It enforces strict access control rules, allowing or blocking traffic based on the organization's security policies.
  2. Proxy Servers:

    • Proxy servers in the perimeter network act as intermediaries for requests between clients and servers.
    • They enhance security by masking internal network addresses and filtering traffic.
  3. Intrusion Detection and Prevention Systems (IDS/IPS):

    • IDS monitors traffic for malicious activities or policy violations.
    • IPS actively prevents detected threats from entering the network.
  4. Public-Facing Servers:

    • Services like web servers, email servers, and DNS servers are typically located in the DMZ.
    • These servers are accessible from the internet but isolated from the internal network.
  5. VPN Gateways:

    • VPN gateways allow secure remote access for employees to connect to the internal network via encrypted communication.

Advantages of Perimeter Networks

  1. Enhanced Security: Prevents direct exposure of the internal network to potential attackers.
  2. Improved Monitoring: Centralizes traffic monitoring and anomaly detection.
  3. Controlled Access: Regulates traffic flow between internal and external networks.
  4. Fault Tolerance: Confines a successful attack to the perimeter network, minimizing its impact on internal systems.

Perimeter Network Design Approaches

  1. Single Firewall Architecture:
    • Uses a single firewall to create a DMZ between external and internal networks.
    • Simpler design, but less secure than a dual-firewall setup, because one compromised device separates the internet from the LAN.

[Image: single firewall architecture diagram]

  2. Dual Firewall Architecture:
    • Employs two firewalls, one between the external network and the DMZ, and another between the DMZ and the internal network.
    • Provides an additional layer of protection, ensuring stricter traffic control.

[Image: dual firewall architecture diagram]

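As an added illustration (not part of this wiki page or its diagrams), the Python model below encodes the dual-firewall design above as two default-deny allow-lists, one for the front firewall (internet to DMZ) and one for the back firewall (DMZ to LAN), and evaluates candidate flows the way the Controlled Access and Traffic Control points describe; the zones, ports and rules are hypothetical.

```python
"""Zone-based policy model of a dual-firewall DMZ (added illustration).
Zones, ports and rules are hypothetical. Each firewall is a default-deny
allow-list; a flow passes only if every firewall on its path permits it.
"""
from typing import Dict, List, Set, Tuple

Rule = Tuple[str, str, str, int]  # (src_zone, dst_zone, proto, dst_port)

# Physical layout: internet -[front firewall]- dmz -[back firewall]- lan
ZONES: List[str] = ["internet", "dmz", "lan"]

FRONT_FIREWALL: Set[Rule] = {
    ("internet", "dmz", "tcp", 80),   # public web
    ("internet", "dmz", "tcp", 443),
    ("internet", "dmz", "tcp", 25),   # inbound mail to the DMZ relay
    ("dmz", "internet", "tcp", 443),  # DMZ hosts fetch updates
    ("lan", "internet", "tcp", 443),  # user browsing; back firewall must agree
}
BACK_FIREWALL: Set[Rule] = {
    ("dmz", "lan", "tcp", 5432),      # web tier -> database: the only DMZ->LAN hole
    ("lan", "dmz", "tcp", 22),        # admins manage DMZ hosts over SSH
    ("lan", "internet", "tcp", 443),
}
FIREWALLS: List[Set[Rule]] = [FRONT_FIREWALL, BACK_FIREWALL]

def firewalls_on_path(src_zone: str, dst_zone: str) -> List[Set[Rule]]:
    """Rule sets a flow crosses; segment k separates ZONES[k] and ZONES[k+1]."""
    lo, hi = sorted((ZONES.index(src_zone), ZONES.index(dst_zone)))
    return [FIREWALLS[k] for k in range(lo, hi)]

def is_allowed(src_zone: str, dst_zone: str, proto: str, dport: int) -> bool:
    """Default deny: every firewall between the two zones must permit the flow."""
    if src_zone == dst_zone:
        return True  # intra-zone traffic never crosses a perimeter firewall
    flow: Rule = (src_zone, dst_zone, proto, dport)
    return all(flow in fw for fw in firewalls_on_path(src_zone, dst_zone))

def audit(flows: List[Rule]) -> Dict[Rule, str]:
    """Evaluate a batch of candidate flows, e.g. from a firewall change request."""
    return {f: ("ALLOW" if is_allowed(*f) else "DENY") for f in flows}

if __name__ == "__main__":
    for flow, verdict in audit([
        ("internet", "dmz", "tcp", 443),   # ALLOW
        ("internet", "lan", "tcp", 3389),  # DENY: no firewall exposes the LAN directly
        ("dmz", "lan", "tcp", 445),        # DENY: not the sanctioned DMZ->LAN path
        ("lan", "internet", "tcp", 443),   # ALLOW: present on both firewalls
    ]).items():
        print(f"{verdict:5} {flow}")
```

A flow that crosses both firewalls (LAN to internet) needs a matching rule on each, which is exactly the stricter traffic control the dual-firewall design buys.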
Use Cases for Perimeter Networks

  1. Web Hosting: Hosting public websites and ensuring they don't compromise internal security.
  2. Email Services: Managing email communication with secure email gateways in the DMZ.
  3. Third-Party Integration: Allowing external vendors to access certain applications or services without exposing the entire internal network.
  4. Remote Access: Using VPNs in the DMZ to secure connections for remote employees.

Common Threats to Perimeter Networks

  1. DDoS Attacks: Overwhelming public-facing services to disrupt operations.
  2. Unauthorized Access: Exploiting vulnerabilities in DMZ servers.
  3. Man-in-the-Middle (MITM) Attacks: Intercepting traffic between the external network and the perimeter network.
  4. Data Leakage: Exfiltration of sensitive information from misconfigured DMZ services.

Best Practices for Securing Perimeter Networks

  1. Regular Updates: Ensure all perimeter devices and servers are patched and updated.
  2. Strict Firewall Rules: Apply the principle of least privilege for firewall configurations.
  3. Encryption: Use secure protocols (e.g., HTTPS, SSH) for data transmission.
  4. Segmentation: Implement proper network segmentation between the DMZ, internal, and external networks.
  5. Monitoring and Logging: Continuously monitor traffic and maintain detailed logs for analysis.
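An added example of the Monitoring and Logging practice, not taken from this page: a small Python detector reads back-firewall deny logs and flags a DMZ host that has been denied to many distinct LAN targets, the pattern a compromised DMZ server probing the internal network would leave. The log lines are constructed in a simplified key=value format with documentation addresses; real firewall formats differ.

```python
"""Detect a DMZ host probing the LAN from back-firewall deny logs (added example).
Log lines are constructed in a simplified syslog-like key=value format and use
documentation addresses; real firewall log formats differ.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

LOG_RE = re.compile(
    r"action=(?P<action>\w+) src_zone=(?P<sz>\w+) dst_zone=(?P<dz>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) proto=\w+ dport=(?P<dport>\d+)"
)

# Constructed sample: 192.0.2.10 is a DMZ web server that suddenly tries SMB,
# RDP and SSH against several LAN hosts; only its database flow is sanctioned.
SAMPLE_LOGS = """\
action=ALLOW src_zone=dmz dst_zone=lan src=192.0.2.10 dst=198.51.100.5 proto=tcp dport=5432
action=DENY src_zone=dmz dst_zone=lan src=192.0.2.10 dst=198.51.100.20 proto=tcp dport=445
action=DENY src_zone=dmz dst_zone=lan src=192.0.2.10 dst=198.51.100.21 proto=tcp dport=445
action=DENY src_zone=dmz dst_zone=lan src=192.0.2.10 dst=198.51.100.22 proto=tcp dport=3389
action=DENY src_zone=dmz dst_zone=lan src=192.0.2.10 dst=198.51.100.23 proto=tcp dport=22
action=DENY src_zone=dmz dst_zone=lan src=192.0.2.11 dst=198.51.100.5 proto=tcp dport=5433
action=DENY src_zone=internet dst_zone=dmz src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=8080
""".splitlines()

def parse(line: str) -> Optional[Dict[str, str]]:
    """Return the log fields as a dict, or None for a line in another format."""
    m = LOG_RE.search(line)
    return m.groupdict() if m else None

def dmz_to_lan_probes(lines: List[str]) -> Dict[str, Set[Tuple[str, str]]]:
    """Map each DMZ source to the distinct (LAN host, port) pairs it was denied."""
    probes: Dict[str, Set[Tuple[str, str]]] = defaultdict(set)
    for line in lines:
        r = parse(line)
        if r and r["action"] == "DENY" and r["sz"] == "dmz" and r["dz"] == "lan":
            probes[r["src"]].add((r["dst"], r["dport"]))
    return dict(probes)

def flag_scanners(lines: List[str], threshold: int = 3) -> List[str]:
    """DMZ sources denied to at least `threshold` distinct LAN targets, worst first."""
    probes = dmz_to_lan_probes(lines)
    hits = [s for s, targets in probes.items() if len(targets) >= threshold]
    return sorted(hits, key=lambda s: -len(probes[s]))

if __name__ == "__main__":
    for src in flag_scanners(SAMPLE_LOGS):
        print(f"ALERT: possible lateral movement from DMZ host {src}")
```

A single denied connection (192.0.2.11 here) is usually a misconfiguration; the threshold keys on distinct targets so that one host fanning out across the LAN is what raises the alert.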

Conclusion

A perimeter network is essential for modern organizations to ensure secure interaction with external entities while safeguarding internal resources. Its design and implementation should align with the organization's security needs, keeping performance, accessibility, and protection as the primary goals.