Chapter 7. Protecting Your Perimeter
Stop to think for just a moment. When's the last time you saw an honest-to-%DEITY%, rigid, well-defined, and impenetrable network perimeter? Go on, we'll wait.
It's been a while, hasn't it? For us, it's been so long we're beginning to wonder whether our foggy memories are nothing more than fading fantasies of whispers of shadows of network design purity. Well, not really. Like security design, network design should always support the requirements of whatever businesses are running on the network. And when you consider all the various access needs of modern twenty-first-century business operations, you'll realize (perhaps reluctantly) that the traditional network designs we've all grown up with have morphed, stretched, and sometimes even twisted beyond their limits.
Reflect on all the various extensions of modern network "perimeters." Indeed, the list is daunting:
Each of these has different needs and requires different levels of trust. How in the world can you build a perimeter now? Information assets are distributed across many business units, countless machines, and diverse geographies. The classical notion of a network perimeter (a limited set of computers located in the same physical building) is no longer valid. It's been years since we've seen a truly isolated network: everything's got an Internet connection now. And among hosts connected to the Internet, mobile devices are well on their way to outnumbering regular computers. We predict this rapid proliferation of mobile devices will be the catalyst for a worldwide migration to IPv6. Asia has been investing in IPv6 for years, and near the end of 2004 the China Education and Research Network Information Center (CERNIC) announced the launch of CERNET2, an IPv6 network linking 25 universities in 20 cities across the country. It's the largest IPv6 network built so far, and propels China to the forefront of next-generation Internet development.
Protecting a network perimeter is more than just installing a firewall and configuring a few rules. We'll cover that in this chapter, yes, along with Internet applications and VPNs for telecommuters and other kinds of remote access. We defer the discussion of wireless security to Chapter 10, "Preventing Rogue Access Inside the Network." But first we want to take a moment to review a popular information security taxonomy, because it's interesting to consider where firewalls fit.