Physical Perimeter Point/Layer – Data Democratization, Governance, and Security

Physical Perimeter Point/Layer

This is the second outermost of the seven layers and the first layer of physical infrastructure: the perimeter devices themselves. It consists of the physical infrastructure that is the interaction point for humans: computers, laptops, mobile phones, and printers. In the case of IoT (Internet of Things), systems that interact with external environments are also considered part of this layer. As data can flow inter-layer or intra-layer, we should know which devices/systems are involved and the criticality of the data moving through them.

Physical devices need to be protected as they are the physical entry points through the perimeter, irrespective of their location (office, home, cloud farm, or call center).

Examples of securing these perimeter-point devices include firewalls, encryption systems, anti-virus, device management, etc.

Network Layer

As the devices in the organization are connected to each other or to the application or data server, once one physical point is breached, there is a risk for all the devices within the network. Security in this layer is focused on the security activities within the network.

The internal network layer stops most attackers; for example, this layer is responsible for stopping spam using automatic scanning tools. The perimeter layer is the most effective layer from the standpoint of stopping attacks, but it is often the worst configured, such that a single mistake can let anything in.

A limited-access approach to the network is one way to achieve the desired security level. Granting access based on the principle of least privilege applies to all layers, including the network layer. This may not stop attackers entirely, but it will at least slow them down, if not stop them, from reaching their target data.

Secure design is about ensuring that users travel through the network in a limited and secure way, and can include secure design and topology, VLANs (virtual local area networks), and multi-layer firewalls or switches. Browser-based SaaS (software as a service) applications use sandboxes to prevent unauthorized users from entering the network; this way, damage is limited to the specific part of the network reached by external threats. Some examples of how secure networks are enforced include Wi-Fi security, regular vulnerability scanning, a SOC (security operations center)/SIEM (security incident and event management), regular patching, and content filtering.
