Perimeter Networks
An Internet-facing host accepts or initiates connections from or to hosts on the public Internet.
- placed in the perimeter network zone
- basic principle
  - traffic cannot pass through it directly
  - enables external clients to access data on private systems without compromising security
- communications between internal and external networks should pass through a proxy in the perimeter network
  - e.g.,
    - host on local network requests a connection with a web server on the Internet
      - proxy takes the request and checks it
      - if valid, transmits it
      - to external host, all comms seem initiated by the proxy
      - external host has no direct connectivity to the LAN device
- servers that provide public access services should be placed in perimeter network
  - e.g., web servers, mail servers, proxy servers, remote access servers
- hosts in perimeter network are not fully trusted by internal network
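
The principles above can be checked against flow records. The following is an added example, not part of the original notes: it flags any connection that crosses directly between the internal network and the Internet instead of terminating in the perimeter network. The address ranges, sample flows and the "review" verdict for perimeter-to-internal connections are assumptions made for illustration.

```python
import ipaddress

# Constructed address plan (assumption, not from the notes).
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/16"),
    "perimeter": ipaddress.ip_network("192.0.2.0/24"),
}

def zone_of(addr):
    """Map an address to a zone; anything unlisted is the public Internet."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

def classify(src, dst):
    """Return a verdict for a flow initiated by src towards dst."""
    pair = (zone_of(src), zone_of(dst))
    if "internal" in pair and "external" in pair:
        return "violation"  # traffic passed straight through, bypassing the proxy
    if pair == ("perimeter", "internal"):
        return "review"     # perimeter hosts are not fully trusted (assumed policy)
    return "ok"

def audit(flows):
    """Return the flows that are not plainly allowed, with their verdicts."""
    return [(s, d, v) for s, d in flows if (v := classify(s, d)) != "ok"]

# Constructed flow records: (initiator, responder).
SAMPLE_FLOWS = [
    ("10.0.4.17", "192.0.2.10"),     # LAN client -> proxy
    ("192.0.2.10", "203.0.113.80"),  # proxy -> Internet web server
    ("198.51.100.7", "192.0.2.25"),  # Internet client -> public mail server
    ("10.0.4.17", "203.0.113.80"),   # LAN client -> Internet directly
    ("198.51.100.7", "10.0.9.3"),    # Internet host -> LAN directly
    ("192.0.2.25", "10.0.9.3"),      # perimeter server -> LAN
]

if __name__ == "__main__":
    for src, dst, verdict in audit(SAMPLE_FLOWS):
        print(f"{verdict:9} {src} -> {dst}")
```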