A network is a Twinkie. I have heard numerous people make that reference, and it is a pretty accurate, albeit entertaining, reference. Much like a Twinkie, the good stuff in a network is on the inside, and you want to protect that stuff with a tough outer shell: the network perimeter.
This chapter builds upon the device-hardening methods we have talked about in the previous ten chapters and looks at how we can use that information and those devices to provide a secure, hardened perimeter to protect our interior network.
The best methodology for hardening the perimeter that I have found is the Cisco SAFE blueprint (http://www.cisco.com/safe), and this chapter follows and builds on that methodology. We will look at a number of aspects of the network perimeter, including the following:
DMZ implementation methods: The different techniques of implementing secure access to resources in the network perimeter
Internet access module: The collection of devices that provides Internet connectivity
VPN/remote access module: The collection of devices that provides virtual private network (VPN) and remote access connectivity
WAN access module: The collection of devices that provides wide area network (WAN) connectivity
Extranet access module: The collection of devices that provides extranet connectivity to external partners
Wireless access module: The collection of devices that provides wireless network connectivity
E-commerce access module: The collection of devices that provides e-commerce services