Quiz Entry - updated: 2026.07.14
What network security devices protect the enterprise perimeter, and what does each do?
The three main perimeter security devices are: VPN (Virtual Private Network)-enabled routers (encrypted remote access), Next-Generation Firewalls (deep packet inspection), and Network Access Control devices (AAA (Authentication, Authorization, and Accounting) enforcement).
| Device | Function | Key Features |
|---|---|---|
| VPN-Enabled Router | Provides secure encrypted tunnels for remote users across public networks | IPSec (Internet Protocol Security), SSL (Secure Sockets Layer) VPN; VPN services can be integrated into the firewall |
| Next-Generation Firewall (NGFW) | Deep inspection and control of network traffic | Stateful packet inspection, application visibility, NGIPS (intrusion prevention), AMP (advanced malware protection), URL (Uniform Resource Locator) filtering |
| Network Access Control (NAC) | Controls who can access the network and enforces policies | Authentication, authorization, accounting (AAA); Cisco ISE is an example; manages access across wired, wireless, and VPN |
Important: These perimeter devices protect against external threats. But if an attacker is already inside the LAN (Local Area Network) (rogue device, compromised host, malicious insider), perimeter defenses don't help. That's where Layer 2 security (port security, DHCP (Dynamic Host Configuration Protocol) snooping, DAI (Dynamic ARP Inspection)) becomes essential.
Go deeper:
Next-generation firewall (Wikipedia) — deep-packet-inspection and application-aware filtering.
Network segmentation (Wikipedia) — why perimeter zoning + defense-in-depth limits lateral movement.