Why Securing Only the Network Perimeter is the Wrong Approach

Every time I encounter an organization that focuses on perimeter security while ignoring best practices on the internal network, I think of Gary Larson’s Far Side cartoon where two polar bears are on either side of an igloo and one says to the other, “Oh hey! I just love these things!…Crunchy on the outside and a chewy center!”

Perimeters have become very complicated. Employees may need to work from remote locations. Companies may allow employees to use personally owned mobile devices to access the internal network. Companies often operate guest networks to accommodate visitors. A perimeter may include a DMZ that permits access by customers, but may also permit access to vendors and external partners that have more privileges than customers. All of these practical realities lead to somewhat porous perimeters.

Too often, companies trust the internal network and the people using it. A company may terminate encrypted traffic at its perimeter but transmit sensitive data in clear text on the internal network. This means that if a single attacker can somehow breach the perimeter, it can be trivial for the attacker to gain access to all data and systems on the internal network.

A better set of practices results from assuming that all network segments are always compromised. In response to such an assumption, all sensitive data should always be encrypted during transmission. Passwords should never be sent as clear text. There should not be a single perimeter; instead, every host should have a local firewall. There should be clear segregation of duties, and all transactions should require review and approvals.

A more recent trend is to also ensure that data is encrypted while stored on any hard disk, database, or media. Secure management of the encryption keys needed to protect data at rest has become more viable in recent years. Many products now support the use of third-party hardware security modules (HSMs) to facilitate secure management of encryption keys.

Many well-publicized breaches that occurred in the past two years had a duration of months. Often organizations were informed of the breach by third parties, including law enforcement, instead of detecting the breach on their own. The organizations in these well-publicized breaches never noticed that large quantities of sensitive data were being transmitted to unauthorized destinations. Careful monitoring of access to data, copying of data, or attempts to transmit data to unapproved destinations can lead to earlier breach detection and prevention. These same practices are needed to protect intellectual property.
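
The monitoring described above can start with something as simple as totaling outbound bytes per internal host and destination, then flagging large transfers to destinations that are not on an approved list. The following is an added example, not part of the original article; the flow-record format, the network ranges, and the threshold are all assumptions made for illustration, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed policy values for this example (not from the article).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
APPROVED_DESTS = [ipaddress.ip_network("203.0.113.0/24")]  # e.g. a sanctioned backup provider
THRESHOLD_BYTES = 500 * 1024 * 1024  # alert once a host/destination pair exceeds 500 MiB

# Constructed flow records, one per line: "timestamp src dst dst_port bytes"
SAMPLE_FLOWS = """\
2024-01-01T02:00:00Z 10.1.4.20 203.0.113.10 443 900000000
2024-01-01T02:05:00Z 10.1.4.31 198.51.100.7 443 300000000
2024-01-01T02:10:00Z 10.1.4.31 198.51.100.7 443 350000000
2024-01-01T02:12:00Z 10.1.4.31 10.2.0.5 445 800000000
2024-01-01T02:15:00Z 10.1.7.9 192.0.2.44 22 1200000
not a flow record
"""

def _in_any(addr, nets):
    return any(addr in n for n in nets)

def unapproved_egress(log_text, threshold=THRESHOLD_BYTES):
    """Return [(src, dst, total_bytes)] for internal hosts that sent more than
    `threshold` bytes to a destination that is neither internal nor approved."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than abort the whole run
        try:
            src = ipaddress.ip_address(parts[1])
            dst = ipaddress.ip_address(parts[2])
            nbytes = int(parts[4])
        except ValueError:
            continue
        if not _in_any(src, INTERNAL_NETS):
            continue  # only traffic originating inside is of interest here
        if _in_any(dst, INTERNAL_NETS) or _in_any(dst, APPROVED_DESTS):
            continue  # internal or sanctioned destination
        totals[(str(src), str(dst))] += nbytes  # sum across records so split transfers still add up
    hits = [(s, d, b) for (s, d), b in totals.items() if b > threshold]
    return sorted(hits, key=lambda h: h[2], reverse=True)

if __name__ == "__main__":
    for src, dst, total in unapproved_egress(SAMPLE_FLOWS):
        print(f"ALERT {src} -> {dst}: {total} bytes to unapproved destination")
```

Totals are accumulated per source and destination pair, so a transfer broken into several smaller flows is still caught once the sum crosses the threshold.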