Skip Links

Send to a friend Feedback

Security in a world without borders

As the perimeter loses ground in the battle for secure networks, some security executives want to do away with perimeter security altogether. But others aren't so sure.

By Joanne Cummings, Network World
September 27, 2004 12:09 AM ET

Network World - Face it, you've already been de-perimeterized. The question now is, what are you going to do about it?

As organizations have opened their networks to business partners, customers and suppliers, they find that perimeter safeguards such as firewalls are opening as well. Then there's the increasing mobility of so-called internal users, who connect to corporate resources via external wired and wireless links. Organizations still have perimeter firewalls in place, but they're now shot so full of holes that they barely provide any protection at all.

"Our borders are ineffective today. We consider them more as sieves - they keep the lumps out, the script kiddies and denial-of-service attacks, but they're not protecting us against many of the threats we face today," says Paul Simmonds, co-founder of the Jericho Forum, a user group examining the ramifications of de-perimeterized networks (see related story). Recent threats such as the Sasser and Blaster worms, which just walked right by network perimeter protections and hit internal networks hard, provide proof, says Simmonds, who is director of global information security at ICI, a chemical conglomerate in London.

Other users agree that they are struggling to secure their networks now that their perimeter safeguards provide less protection. The most popular strategy in fighting de-perimeterization is what the security community calls "defense in depth." This is the process of shoring up perimeter defenses by layering on tighter and more numerous internal protections.

"We've realized here that it's no longer enough to focus on your perimeter firewalls or even have [intrusion-detection systems] outside your firewalls," says Adam Hanes, manager of information security at law firm Sonnenschein Nath & Rosenthal in Chicago. "You also need to pull that stuff in toward your assets. We have multiple application-level firewalls at different points, we have multiple IDSs and [intrusion-prevention systems] at different points, we have a vulnerability assessment package that we use on a regular basis, and we have a third-party audit package. We don't just look at the perimeter; we look at the whole network."

Jericho advocates another way: Don't fight de-perimeterization; embrace it.

Once we acknowledge that our perimeters are obsolete, we can spend less time and fewer dollars on them and instead focus on better internal security, Simmonds says. Forward-thinking organizations that embrace this idea will begin to move Web applications outside the perimeter and closer to the people who use them. The thought is that eventually perimeters will dissolve, saving money and making the business more effective.

"If you don't have a border and you don't need to operate within a DMZ, then you have a lot of business advantages," he says. "You can be quicker to market, you can do things faster, you can do things more effectively with less interference and less hardware. You don't need a security team to analyze it and get back to you in a couple of months. You can be up and running doing e-business theoretically in minutes. That's a huge advantage."

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News