Baix Corporation's mission is to provide technology solutions that maximize business value and to provide our customers with the insight and tools that enhance their ability to make great IT decisions.  
Firewalls have traditionally been network devices that isolate the internal network from any external connection.  They set up the border or the perimeter of our infrastructure.  Much like any wall put up to protect an area, they provided a level of deterrence from attackers on the outside of the wall.  They did not, however, offer any protection once someone was inside the wall, particularly if an attacker learned how to get around, over or underneath the wall.  

Firewalls are increasingly used to provide segmentation between zones.  This implementation is most commonly found in traditional DMZs, which have been used to provide connectivity between two organizations or to the external Internet.
Network Segmentation and Enclaves  
Today you will find as many firewalls inside the network as you find at the perimeter, placed there for network segmentation or segregation in the form of Network Enclaves.  A Network Enclave is a segment of an internal network that is defined by common security policies.  The purpose of a network enclave is to limit access to critical resources, applications or information.  This is commonly used for areas like infrastructure management, where the administration portion of the traffic resides in a separate enclave that cannot be accessed by unauthorized users.  Other critical services such as identity management and directory services are also good candidates to be placed in an enclave.  Internal access can then be restricted to critical services, applications, data and resources through the combined use of firewalls, VPN, and NAC (Network Access Control) as well as the traditional network segmentation tools of VLAN and route segregation.
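The enclave model described above can be expressed as a default-deny policy between named segments. The following is an added example, not Baix's own code: the enclave names, address ranges, allowed ports and sample flows are all constructed assumptions, and it audits a list of flows against that policy to show which ones an internal firewall would block.

```python
import ipaddress

# Constructed enclave map: names and CIDR ranges are assumptions for illustration.
ENCLAVES = {
    "user":       ipaddress.ip_network("10.10.0.0/16"),
    "admin_jump": ipaddress.ip_network("10.20.5.0/28"),
    "management": ipaddress.ip_network("10.99.0.0/24"),
    "identity":   ipaddress.ip_network("10.98.0.0/24"),
}

# Inter-enclave allow list: (source enclave, destination enclave, protocol, port).
# Anything crossing an enclave boundary that is not listed here is denied.
ALLOW = {
    ("admin_jump", "management", "tcp", 22),
    ("admin_jump", "management", "tcp", 443),
    ("user", "identity", "tcp", 636),
    ("user", "identity", "tcp", 88),
    ("user", "identity", "udp", 88),
}

def enclave_of(ip):
    """Return the enclave name containing ip, or None if it is unmapped."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in ENCLAVES.items() if addr in net), None)

def evaluate(flow):
    """Return (verdict, reason) for a (src_ip, dst_ip, proto, dst_port) flow."""
    src, dst, proto, port = flow
    s, d = enclave_of(src), enclave_of(dst)
    if s is None or d is None:
        return "deny", f"unmapped address ({src} -> {dst})"
    if s == d:
        # Traffic inside one enclave never crosses the enclave firewall.
        return "allow", f"intra-enclave ({s})"
    if (s, d, proto, port) in ALLOW:
        return "allow", f"{s} -> {d} {proto}/{port}"
    return "deny", f"no rule for {s} -> {d} {proto}/{port}"

def audit(flows):
    """Return (flow, reason) for every flow the policy denies."""
    results = ((f, evaluate(f)) for f in flows)
    return [(f, reason) for f, (verdict, reason) in results if verdict == "deny"]

# Constructed sample flows, not captured traffic.
SAMPLE_FLOWS = [
    ("10.10.4.7", "10.98.0.10", "tcp", 636),    # user -> directory service
    ("10.10.4.7", "10.99.0.12", "tcp", 22),     # user -> management enclave
    ("10.20.5.3", "10.99.0.12", "tcp", 22),     # admin jump host -> management
    ("10.20.5.3", "10.99.0.12", "tcp", 3389),   # admin jump host, unlisted port
    ("192.168.1.50", "10.98.0.10", "tcp", 88),  # source outside any enclave
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print("DENY", flow, "-", reason)
```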
Most networks have not been designed to accommodate Network Enclaves, and moving from the currently configured state of the network to the targeted future state can be exceptionally complex.  We work with each of our customers to define an evolutionary plan that moves the network and data center in a "directionally correct" fashion to a desired future state.
Copyright © 2012 Baix Corporation All Rights Reserved