Introduction

Most computer networks can be categorized by the function they perform and the services they provide. Perimeter networks can be defined as any network that provides services to any other user or network of unknown security status. These provided services might include Internet access to corporate networks, public access to Internet applications, or possibly even remote access or VPN services. Networks of unknown security status to which those services are provided can be anything from the public Internet, the home networks of corporate users, or even the private networks of partner organizations. The category of perimeter network includes many different types of network functions; however, the one common function found in perimeter networks is a connection point to less trusted networks. Given this fundamental attribute, it is important to have security as one of the primary objectives when designing perimeter networks. Firewalls, Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs), filtering routers, and network segmentation are just some of the devices and techniques that are used in designing secure perimeter networks. And while a perimeter network is by no means the only location in your network architecture where security is paramount, perimeter networks are probably the most important place to implement security devices.

In this chapter, we focus on some of the main issues relating to designing perimeter networks. We discuss the general design principles commonly used when designing all network architectures and consider how those principles change when applied to designing perimeter networks. We also discuss the...