Gartner Research

Decision Point for Network Perimeters

Published: 10 July 2012

ID: G00235643

Analyst(s): Eric Maiwald, Daniel Blum

Summary

Like cities, modern IT environments must incorporate zoning of activities as well as traffic control. Network perimeters enforce network security zone boundaries using firewalls, VPNs, intrusion detection/prevention systems, and various filtering mechanisms. Today, a single firewall is no longer sufficient to cover the zoning requirements of a complex organization. This Decision Point guides readers through the architectural decision-making process for selecting network perimeter mechanisms to use at distributed sites and data centers.

Table Of Contents

Decision Point

Decision Context

  • Business Scenario
  • Architectural Context
  • Related Decisions

Evaluation Criteria

  • Requirements and Constraints
    • Enforce Network Security Zone Boundaries
    • Use Security Overlays to Include Mobile Systems and Remote Sites in a Zone
    • Enable Information Flows While Enforcing Policies
    • Required Perimeter Functions
    • Provide Enough Surety to Manage the Risk
    • Detect and Remediate Zone Perimeter Failure
    • Manage Perimeter Policy
    • Verify Configurations and Policies
  • Principles

Alternatives

  • Physical Perimeter Security
  • Sites and Direct or Indirect Internet Access
  • Perimeter Security Mechanisms in the Network
    • Network Firewalls
    • VPN Concentrators and Built-In VPNs
    • Proxy Systems
    • IDS/IPS Devices
    • Web Application Firewalls
    • Switched Network Firewalls
    • Network Devices
    • VLANs
  • Perimeter Security Mechanisms on Endpoints
  • Perimeter Security Mechanisms within a Virtual Environment
  • Security Overlays vs. Perimeter Devices
  • Control and Audit Zones

Future Developments

Decision Tool

  • Per-Site External Perimeter Position
    • SOHO Perimeter Position
    • Smaller or Larger Site External Perimeter Position
    • Data Center Site External Perimeter Position
  • Per-Perimeter (Internal or External) Position
    • Physical or Logical Perimeter Security Position
    • Data Center Application Delivery Controllers and Internal Perimeters Position
    • Zone Perimeters Within an Internal Cloud Position
    • Monitoring Mechanisms Position
  • Control Zone Position
    • Separate control zone systems and traffic from other zones using a combination of perimeter devices and security overlay mechanisms.
  • Audit Zone Position
    • Separate audit zone systems and traffic from other zones using a combination of perimeter devices and overlay security mechanisms.
    • Protect audit information through other means.

Recommended Reading

©2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.
