The “De-perimeterization” of Networks
By Ido Dubrawsky
Security Advisor, Microsoft Communications Sector
The architecture of the network perimeter is changing. The wisdom of the past was to harden the perimeter as much as possible by layering multiple technologies to detect and protect against threat. The concept was to secure organizational borders and then, after that, the network. There were various business drivers that put this “perimeterization” in sync with the needs of the business. These drivers include:
The explosion of IP addresses, with one on nearly every electronic device, and with some of these devices, such as mobile phones, having significant associated business functionality
Increased connectivity from outside the enterprise environment by customers, employees, and business partners
Increased business relationships of various forms including relationships in a "coopetition"—a situation where a competitor in one field is also a business partner in another.
One difficulty with the hardened perimeter model is that as more and more technologies are added to the perimeter, the management burden increases, in some cases faster than the rate at which the new technologies are deployed. Additionally, with so many “band-aid” type solutions layered at the perimeter, it eventually becomes hardened to the point that it negatively impacts the ability of the business to react effectively to new opportunities or to conduct business at all. We need to rethink this approach and realize that while we are adding point technologies to the network perimeter in the name of security, we are also dramatically increasing the complexity of the perimeter and thereby making it more difficult for the business to respond to new opportunities.
Today’s businesses are trying to be more adaptable and more flexible with regard to people, technology, and processes. But flexibility is countered by a rigid network perimeter design where the legal boundary of the business may no longer match the logical boundary. It is specifically because of these developments that the hardened, inflexible perimeter of yesterday is quickly losing favor as a logical solution for many organizations. The hardened perimeter is giving way to a process known as “de-perimeterization”—the slow disappearance of the perimeter network (also known as DMZ, demilitarized zone, and screened subnet) in order to accommodate the reality of today’s business networks and environment.
What De-perimeterization Is Not
Many IT security professionals automatically associate de-perimeterization with the idea of throwing out all of the security at the edge of the network in favor of some new architecture. This is not accurate. De-perimeterization is not simply the dismantling of all the border security that is in place today, nor is it the removal or replacement of firewalls across the board. It is also not a redistribution of the security devices within the network, nor is it a tirade against deep packet inspection or an argument for eliminating intrusion detection or intrusion prevention systems. De-perimeterization may involve some or all of these concepts, but it is done with the central tenet that defense-in-depth security is a critical part of a network’s overall security effort, and that the security needs to be pushed deeper, toward the data, than ever before. (Simmonds, 2004)
What Is De-perimeterization?
De-perimeterization is a term that was coined by the Jericho Forum to “describe the erosion of the traditional ‘secure’ perimeters, or ‘network boundaries’, as mediators of trust and security.” (The Jericho Forum, 2006) These boundaries are not just physical but also logical, in the sense that they demarcate the edges of an organization or enterprise. Networks grow along with business growth. However, the rigid perimeter has created a situation where the ability of a business to effectively enter new markets (whether they are markets that are determined by physical location and the establishment of new sales offices, or through the development of business relationships with partners) can be impacted by inflexibility in the perimeter.
The inevitable question beyond the definition of de-perimeterization is “what does de-perimeterization entail?” De-perimeterization involves rethinking the concept of the network boundary. The industry is already seeing the business case for de-perimeterization. Indicators such as a mismatch between the business’s legal border and the network perimeter, demands for direct interconnects from partners and suppliers, distributed and shared applications across business relationships, and the increasing number of applications that use technology to bypass firewall restrictions at the perimeter all point to the need for de-perimeterization for a business. In addition, the fact that traditional firewalls and perimeter defenses are increasingly unable to defend against malicious software that uses the Web or e-mail as a transport medium provides an incentive to rethink how we defend our networks at the edge against these threats. (The Jericho Forum, 2007)
Because we allow protocols such as HTTP and SMTP, and especially encrypted traffic such as Secure Sockets Layer (SSL) and Internet Protocol security (IPsec), to bypass the edge security policy that is defined in the network perimeter, it is inevitable that an exploit will successfully transit a network's perimeter security at some point. In addition, intrusion detection systems have little demonstrated value in the network perimeter because so many of their alarms turn out to be false positives, creating the high noise-to-signal ratio that is typical of such deployments. Attacks are changing at an ever-increasing rate, making it difficult to keep up by simply layering additional network defenses at the perimeter.
Whether attackers exploit a vulnerability directly or use other indirect means such as phishing or pharming, their goal is to gain access to or control of business data. This data can be in the form of credit card information, employee information, or even financial data about the enterprise itself. There are other examples, but the bottom line is that attackers are interested in gaining access to data, and they are becoming more and more adept at doing so. While in the past a hardened perimeter was the optimal solution, the environment has changed sufficiently that we must rethink that concept. A hardened perimeter is good for a business or organization that wants to function only within the confines of its own environment, with e-mail being the only conduit to the outside world. (The Jericho Forum, 2007) However, this model is now antiquated and does not provide the necessary benefits to function effectively in today’s business climate.
The Business Benefits of De-perimeterization
De-perimeterization offers organizations new ways to conduct business. Some of these benefits, outlined in a white paper by the Jericho Forum (The Jericho Forum, 2007), include:
Enterprise resource planning (ERP) systems can be connected directly and integrated between a business and its major partners, providing for closer cooperation and a more effective exchange of data.
Legal, commercial, and quality-of-service borders can be aligned with the network and infrastructure architecture.
Partners, joint ventures, contractors, and others can access the data they need directly as if they were physically connected to a business office or site.
Direct electronic interaction with customers is possible.
Remote offices can be migrated from slow, expensive, managed network connections to inexpensive, direct, and fast network connectivity.
For de-perimeterization to work effectively, security must be at the heart of the business network architecture. Security must be applied across the board, whether in user devices such as workstations and mobile systems, in application services, or in business-critical information assets. The concept of defense in depth must be applied beyond the current idea of subdividing the network and layering in new security technologies. Instead, we must build the network with security as a core tenet. If security is not built in from the beginning, its effectiveness is greatly reduced.
Technologies for De-perimeterization
Does the move to a de-perimeterized network involve a “forklift upgrade” (major overhaul)? The answer doesn’t have to be yes. There are many technologies that can be applied, in a stepwise fashion, to help businesses move toward a de-perimeterized network. These technologies include the Active Directory service, SSL Virtual Private Networks (VPNs), Network Access Protection (NAP), Windows Rights Management Services (RMS), and Server and Domain Isolation using IPsec. While these are not the only technologies that are needed, they represent a significant subset of the core technologies that businesses can use to make the transition from the hardened perimeter to a de-perimeterized environment. Following is a description of how these technologies work in this design:
Active Directory provides a central repository of authentication and authorization information for determining access to the network and to data on the network.
Rights Management Services helps protect the end data on the network by controlling direct access to that data at the source.
Network Access Protection provides control as to who can access the network and from where, based on the health “state” of the end device.
Server and Domain Isolation provides the ability to restrict access both within the network and on the network edge, by defining access based on system policy and enforcing that access by requiring an IPsec connection to the server computers that are being isolated.
A Secure Sockets Layer Virtual Private Network such as Microsoft Intelligent Application Gateway (IAG) 2007 can provide users with controlled, secure access to data or applications based on authentication parameters and end-system state. Users can be customers, employees, or business partners.
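The Server and Domain Isolation bullet above describes policy-driven access enforced by requiring IPsec to the isolated servers. The following is an added example, not from the article or from Microsoft's own documentation, showing how that two-layer model (domain isolation via Kerberos computer authentication, then server isolation via an authorized computer group) is expressed with the Windows NetSecurity cmdlets, which post-date the tools the article names. It assumes a domain CONTOSO, a security group CONTOSO\IsolatedServerClients, and a Group Policy object named ServerIsolation linked to the isolated servers' OU; all three names are placeholders.

```powershell
# Added example (not from the article): a minimal server-isolation policy
# built with the NetSecurity cmdlets. Assumed names: domain CONTOSO, group
# CONTOSO\IsolatedServerClients (computers allowed to reach the isolated
# servers), and a GPO called ServerIsolation that targets those servers.
$domain = 'CONTOSO'
$group  = 'IsolatedServerClients'
$store  = 'contoso.example\ServerIsolation'   # policy store = "domain\GPOname"

# Layer 1, domain isolation: phase 1 authentication uses Kerberos computer
# credentials, so only domain-joined machines can complete IPsec negotiation.
$proposal = New-NetIPsecAuthProposal -Machine -Kerberos
$authSet  = New-NetIPsecPhase1AuthSet -DisplayName 'Domain Isolation: Kerberos (machine)' `
                -Proposal $proposal -PolicyStore $store

# Connection security rule: inbound traffic to these servers MUST be
# authenticated; outbound merely requests IPsec so the servers can still
# reach unmanaged hosts (DNS, update sources) where that is necessary.
New-NetIPsecRule -DisplayName 'Domain Isolation: require inbound IPsec' `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $authSet.InstanceID -PolicyStore $store

# Layer 2, server isolation: resolve the authorized computer group to its SID
# and wrap it in the SDDL form the firewall expects (CC = the "connect" right).
$account = New-Object System.Security.Principal.NTAccount($domain, $group)
$sid     = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
$sddl    = "D:(A;;CC;;;$sid)"

# Even among authenticated domain members, only computers in the authorized
# group may open SMB (TCP 445) to the isolated servers. -Authentication
# Required ties this firewall rule to the IPsec identity proven in layer 1.
New-NetFirewallRule -DisplayName 'Server Isolation: SMB from authorized computers only' `
    -Direction Inbound -Protocol TCP -LocalPort 445 -Action Allow `
    -Authentication Required -RemoteMachine $sddl -PolicyStore $store
```

Writing the rules to the GPO policy store rather than the local store is what makes the policy central and auditable; verify the result on a member server with Get-NetIPsecRule and Get-NetFirewallRule, and with Get-NetIPsecMainModeSA once a client connects.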
It is important to remember that the move to a de-perimeterized network is not an overnight endeavor. However, the technologies exist that bring the de-perimeterized network within grasp of many enterprises. It is important to realize that while the security threats we see today are evolving and the business needs of the enterprise have significantly changed, the security model and architecture that most businesses use today do not reflect those pressures.
Thank you for reading. I invite your comments; you can reach me at firstname.lastname@example.org.
References
The Jericho Forum (2006, April). Architecture for De-perimeterisation. Retrieved April 2007, from The Jericho Forum: http://www.opengroup.org/jericho/Architecture_v1.0.pdf
The Jericho Forum (2007, January). Business Rationale for De-perimeterisation. Retrieved April 2007, from The Jericho Forum: https://www.opengroup.org/jericho/Business_Case_for_DP_v1.0.pdf
Simmonds, P. (2004, July 28-29). This Decade's Security Challenge. Retrieved August 2007, from Black Hat Las Vegas 2004: http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-simmonds.pdf