In Depth
The Deperimeter Problem
Yes, the castle-and-moat model has lots of shortcomings, but the concept of "deperimeterization" is a long, long way off
By Simson Garfinkel
November 01, 2005 — CSO — The old network security model, perimeter defense, was a lot like the old physical security model: Put your assets in a secure location, build a wall and use a gate to control who goes in and out. Many today say the perimeter model is obsolete; some even say the perimeter should be removed altogether. While today it's critical to understand the shortcomings of the castle-and-moat model, CSOs should be a long way from tossing their firewalls altogether.
The perimeter defense approach worked pretty well for the walled cities of the ancient world, and it worked pretty well for computer networks in the 1990s. In many ways, the approach is fundamentally sound. It makes more sense to stop attackers with hardened outer defenses than to let them come inside and fight your most vulnerable citizens with hand-to-hand combat. No one would dream of arming an office clerk with an antitank gun; it's the job of the soldiers on the front lines to keep tanks away from the file clerks!
Of course, no perimeter defense is perfect. The Trojans learned this fact the hard way a little more than 3,000 years ago, when they brought that giant wooden horse filled with Greek soldiers inside their perimeter wall. Once the bad guys are inside the gate, the wall becomes irrelevant. Security consultants have been warning organizations for years about the danger of underestimating the insider threat. They argue that concentrating on perimeter defenses invariably tempts an organization into relaxing its internal defenses. For example, organizations are understandably hesitant to patch and upgrade the computers inside their networks when they are spending all that money on a firewall. But external threats have a way of sneaking past even the best perimeter defense, either because an executive plugs an infected laptop into an internal network or because a rogue 802.11 access point lets outsiders come wirelessly through your walls and plug in.
Even if perimeters were perfect, the perimeter approach assumes that assets stay put inside the perimeter's protective ring. This assumption is no longer true in today's world of laptops, Web portals, memory sticks and BlackBerrys. High-quality information is constantly crossing every organization's physical and electronic perimeters. Relying solely on perimeter defenses is like buying a home alarm system to protect your children from kidnapping, then allowing them to ride alone to school on the New York City subway.
Perimeters today have gotten such a bad name that some consultants and journalists are heralding "the end of the perimeter." CSO, for example, wrote about this concept early last year (see "The World Is Your Perimeter").