LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is the perimeter in network security, and why does it need more than just a router?

The perimeter is the boundary between the internal corporate network (Intranet) and the external Internet (or ISP). A router alone forwards packets — it doesn't decide who is allowed through. Anything beyond minimal trust requires packet filters, firewalls, or ALGs.

The two-zone mental model:

   Internet (untrusted)
        │
   ━━━━━━━━━━━  ← perimeter (the line of defense)
        │
   Intranet (trusted, your network)

Why a router isn't enough:

Functionality Router Firewall
Forwards packets between networks yes yes
Stops packets based on policy no (in default config) yes
Tracks connection state no yes (stateful FWs)
Inspects application content no yes (NGFW/WAF)
Logs decisions Minimal yes

A router with no ACLs forwards everything it can route. The perimeter exists because routing ≠ security — connecting two networks doesn't decide what should be allowed between them.

Why "perimeter" is partially obsolete:

The classic perimeter model assumed: "inside = trusted, outside = hostile." Today with cloud services, remote workers, BYOD, and SaaS, that boundary is dissolving — hence Zero-Trust Architecture (where nothing is trusted by default, regardless of network position). The perimeter still exists as a defense layer; it's just no longer the only one.

Tip: Even Zero-Trust networks deploy firewalls — they just don't rely on them as the sole defense. Defense-in-depth is the lesson: layer perimeter FW + host FW + identity-based access + encryption.

Go deeper:

From Quiz: INTROL / Firewall Fundamentals | Updated: Jul 14, 2026