The Primary Purpose of Perimeter Security
A perimeter is the boundary that separates your assets from the outside world. The purpose of perimeter security is to deter, detect, delay and deny unauthorized access to the assets within the perimeter by persons bent on theft, vandalism, diversion, sabotage and other criminal acts. Perimeter security is divided into physical security for buildings and grounds, and logical security for computer networks. Physical and logical perimeter security systems employ different tools and techniques, but have the same purpose.
According to a U.S. Government Accountability Office (GAO) report on physical security at the nation's top biosafety laboratories, physical perimeter security is a combination of people, devices and procedures dedicated to protecting the assets within the perimeter by blocking unauthorized physical intrusion across the perimeter.
Effective physical perimeter security requires a clearly defined and well-lit perimeter marked by fencing or other unmistakable warnings to keep out unless authorized, said the GAO report. It also requires a security command center, barriers to block vehicles, a buffer zone between the perimeter boundary and the assets inside, visible guards at each public entrance, roving guard patrols, separation of loading docks from critical facilities, closed circuit TV, electronic intrusion detectors and physical and electronic screening of visitors and their vehicles.
Perimeter security for computer networks can be difficult to implement because the perimeter today is hard to define, said an IBM online "Red Paper" on IT perimeter security. Historically, a firewall was sufficient to define the network perimeter: everything inside the firewall was trusted; everything outside it was suspect. The advent of the Internet and Internet-enabled devices has made all types of fixed and mobile computer access devices part of your network's perimeter, meaning the perimeter is a dynamic thing that changes from day to day, hour to hour and even moment to moment.
Network perimeter protection requires multiple simultaneous approaches, said IBM's Red Paper. You need network management tools that monitor network activity. These tools must be able to identify which devices are connected to your network, what those devices are doing, and whether their activities are authorized and normal for the network. They also must keep track of legitimate moves and changes in the relationships between host systems and the devices that access them. In short, these tools must be able to alert you to unexpected changes in who talks to whom, and how they talk, so you can investigate.
Your network management practices must recognize that different network assets need different levels of security protection, said the IBM Red Paper. In practice that means you need to zone your network according to how vital the assets in each zone are to business operations, and apply the strongest controls to the most critical zones. The idea is to turn each zone into part of your perimeter defense, so that an intruder who gets into one zone cannot move freely from the point of entry across the rest of your network. The host computers that hold your most critical information are also part of your perimeter and need a final layer of protection to ensure that only authorized devices and users can access the host.
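The two preceding paragraphs describe what the monitoring should do (alert on unexpected changes in who talks to whom) and how the network should be structured (zones, with stricter rules around the most critical assets). The following is an added example that is not part of the GAO report or the IBM Red Paper: it maps hosts to zones by address range, evaluates each observed flow against a zone-to-zone policy, and compares permitted flows against a baseline of previously seen host pairs so that a new relationship is surfaced even when policy allows it. The zones, policy, addresses, ports and flow records are all constructed for illustration.

```python
"""Zone-aware detection of unexpected host-to-host traffic (added example).

Hypothetical zones, policy and flow records; nothing here is taken from the
GAO report or the IBM Red Paper the article cites.
"""
import ipaddress
import re
from dataclasses import dataclass

# Assumed zones. "internet" is the catch-all; longest prefix wins on lookup.
ZONES = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "office": ipaddress.ip_network("10.10.0.0/16"),
    "database": ipaddress.ip_network("10.20.0.0/24"),
}

# Zone policy: (source zone, destination zone) -> allowed destination ports.
# None means any port; a pair that is absent is denied (default deny).
POLICY = {
    ("internet", "dmz"): {443},
    ("office", "dmz"): {443, 22},
    ("dmz", "database"): {5432},
    ("office", "office"): None,
}

# Constructed flow-record format, e.g. from a flow collector export.
FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def zone_of(ip: str) -> str:
    """Return the most specific zone whose address range contains ip."""
    addr = ipaddress.ip_address(ip)
    best = None
    for name, net in ZONES.items():
        if addr in net and (best is None or net.prefixlen > ZONES[best].prefixlen):
            best = name
    return best


def parse_flow(line: str) -> Flow:
    m = FLOW_RE.search(line)
    if not m:
        raise ValueError(f"unparseable flow record: {line!r}")
    return Flow(m.group(1), m.group(2), int(m.group(3)))


def is_permitted(flow: Flow) -> bool:
    """Zone policy check: unknown zone pairs are denied, not assumed safe."""
    key = (zone_of(flow.src), zone_of(flow.dst))
    if key not in POLICY:
        return False
    allowed = POLICY[key]
    return allowed is None or flow.dport in allowed


def build_baseline(lines):
    """Learn the set of (src, dst, port) relationships seen in a known-good window.
    Only policy-permitted flows are learned so a violation never becomes 'normal'."""
    return {f for f in map(parse_flow, lines) if is_permitted(f)}


def evaluate(lines, baseline):
    """Return (level, flow, reason) for flows that break policy or are new."""
    alerts = []
    for line in lines:
        flow = parse_flow(line)
        src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
        if not is_permitted(flow):
            alerts.append(("VIOLATION", flow,
                           f"{src_zone}->{dst_zone}:{flow.dport} not allowed by zone policy"))
        elif flow not in baseline:
            alerts.append(("NEW", flow,
                           f"{src_zone}->{dst_zone}:{flow.dport} permitted, but this pair has not talked before"))
    return alerts


# Constructed sample data: a baseline day, then a day with some surprises.
BASELINE_LOG = [
    "2024-05-01T09:00:01Z src=203.0.113.7 dst=192.0.2.10 dport=443 proto=tcp",
    "2024-05-01T09:00:05Z src=10.10.4.21 dst=192.0.2.10 dport=22 proto=tcp",
    "2024-05-01T09:01:10Z src=192.0.2.10 dst=10.20.0.5 dport=5432 proto=tcp",
    "2024-05-01T09:02:00Z src=10.10.4.21 dst=10.10.7.3 dport=445 proto=tcp",
]
TODAY_LOG = [
    "2024-05-02T09:00:01Z src=203.0.113.7 dst=192.0.2.10 dport=443 proto=tcp",   # known, quiet
    "2024-05-02T09:03:12Z src=10.10.4.21 dst=10.20.0.5 dport=5432 proto=tcp",    # office straight to database
    "2024-05-02T09:04:00Z src=192.0.2.10 dst=10.20.0.5 dport=22 proto=tcp",      # dmz host trying ssh into database
    "2024-05-02T09:05:30Z src=10.10.9.9 dst=192.0.2.10 dport=443 proto=tcp",     # allowed, but a new office client
    "2024-05-02T09:06:45Z src=203.0.113.50 dst=10.20.0.5 dport=5432 proto=tcp",  # internet reaching the database zone
]

if __name__ == "__main__":
    for level, flow, reason in evaluate(TODAY_LOG, build_baseline(BASELINE_LOG)):
        print(f"{level:9} {flow.src} -> {flow.dst}:{flow.dport}  {reason}")
```

The split between VIOLATION and NEW matters in practice: the first is a policy breach and should be blocked or escalated regardless of history, while the second is the "unexpected change in who talks to whom" the Red Paper describes, to be investigated and, only once confirmed legitimate, folded into the baseline. Real deployments would draw zone membership from the network inventory rather than a static dictionary, but the default-deny shape of the policy lookup is the point to keep.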