A network perimeter is the interface between internally managed, owned, and controlled networks and the external networks to which they connect. Some in the security industry have called the perimeter the “gateway to the internet.” The network perimeter is considered a first layer of defense for protecting internal systems and data. It helps block unwanted or potentially malicious traffic through devices (or connectors) like firewalls, IDS/IPS, load balancers, routers, VPNs, and honeypots, which all serve as part of a DMZ (demilitarized zone).
Outside resources to which networks can connect through the perimeter include internet service providers (ISPs), wireless networks, public web servers, the internet, or another private network; the security of these cannot be known or controlled by internal resources, and may not be up to the standards of an enterprise security team.
Over the years, the network perimeter has all but disappeared due to virtualization, cloud, wireless networks, removable storage, and other third-party controlled networks, which makes securing network endpoints at the perimeter increasingly complex.