1.1 Disappearing Perimeters

In the old days (two years ago or so), a firewall was most of what an
administrator needed to protect a network from attack. It was easy to
establish where your network ended and the Internet began.

Technological advances and decreasing costs for wide area network
technologies have eroded this concept of a perimeter. VPNs have all
but replaced conventional dial-up modem pools. Most users have
high-speed DSL or cable modem service, and the VPN makes the user
feel like he's sitting at his desk. Some VPNs use an
appliance that sits on the perimeter of the network and has the
capability of controlling how the network is used remotely. While
this is a boon for telecommuters, it is a real risk for most
networks. A virus- or worm-infected system on the
user's home network suddenly has unfettered access
to the inside of your network. That high-speed highway into your
network can allow rapid propagation of an aggressive worm.

Connections to business partners used to be an expensive proposition
and were only for the most well-to-do organizations. Dedicated T1
links are expensive. With less expensive network options (not to
mention network-to-network VPN connections), this cost has decreased
significantly. This allows many organizations to connect their
network to yours—sometimes directly into the internal network.
Without real precautions in place, security problems on the partner
networks quickly become security problems on your network—very
often undetected until much damage is done. Whether you trust your
partner to that extent is another matter.