# Approaches of Network Security A particular approach, or paradigm, will influence all subsequent security decisions and set the tone for the entire organisation’s network security infrastructure. Network security paradigms can be classified by either the scope of security measures taken (perimeter, layered) or how proactive the system is. ### Perimeter Security Approach Perimeter security approach is focused on the perimeter of the network, which might include firewalls, proxy servers, password policies, and any technology or procedure that makes unauthorised access of the network less likely. A small organisation might use the perimeter approach if they have budget constraints or inexperienced network administrators. ### **Layered Security Approach** A layered security approach is one in which not only is the perimeter secured, but individual systems within the network are also secured. All servers, workstations, routers, and hubs within the network are secure. One way to accomplish this is to divide the network into segments and secure each segment as if it were a separate network so that, if perimeter security is compromised, not all internal systems are affected. Layered security is the preferred approach whenever possible. A **passive security approach** takes few or no steps to prevent an attack. A **dynamic security approach**, or proactive defence, is one in which steps are taken to prevent attacks before they occur, e.g. IDS. ### **Hybrid Security Approach** One can have a network that is predominantly passive but layered, or one that is primarily perimeter, but proactive. Considering approaches to computer security along a Cartesian coordinate system, with the x axis representing the level of passive-active approaches and the y axis depicting the range from perimeter to layered defence, can be helpful. The most desirable hybrid approach is a layered paradigm that is dynamic. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://wiki.zacheller.dev/network-security/courses/isci-cnss-course/introduction/approaches-of-network-security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.