Securing the Perimeter: A Case Study

My employer is a small consulting firm whose specialty is providing their customers with Microsoft Windows and Citrix networked business solutions. They believed their internal servers were secure due to their diligence in keeping the Operating Systems up to date with the latest service packs, hotfixes and patches. Virus signatures and scanning software was also kept current. I was given the task of evaluating the security of the network perimeter and to make recommendations for securing our Internet connection. Examination of the perimeter infrastructure showed the network to be virtually defenseless. There was no Firewall installed and very little filtering of inbound or outbound Internet traffic on either the router at the corporate office or the router at the branch office. The Linux, Help Desk, Mail server and the two Active Directory servers had direct network links to both the internal network and the Internet making them prime targets for intruders. We decided to completely redesign the network perimeter to provide a layered Defense in Depth.