Approaches to Network Security
A particular approach, or paradigm, will influence all subsequent security decisions and set the tone for the entire organisation’s network security infrastructure. Network security paradigms can be classified by either the scope of security measures taken (perimeter, layered) or how proactive the system is.
Perimeter Security Approach
The perimeter security approach focuses on the perimeter of the network. Its measures might include firewalls, proxy servers, password policies, and any technology or procedure that makes unauthorised access to the network less likely. A small organisation might use the perimeter approach if it has budget constraints or inexperienced network administrators.
Layered Security Approach
A layered security approach is one in which not only is the perimeter secured, but individual systems within the network are also secured. All servers, workstations, routers, and hubs within the network are secured. One way to accomplish this is to divide the network into segments and secure each segment as if it were a separate network so that, if perimeter security is compromised, not all internal systems are affected. Layered security is the preferred approach whenever possible.
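The segment-isolation point above, as an added example that is not part of the original page: a small worst-case model of which internal hosts are exposed after one perimeter host is compromised, under a flat (perimeter-only) design and under a segmented, layered one. The host names, segment names and allowed flows are constructed, hypothetical values.

```python
from collections import deque

# Constructed sample inventory (hypothetical names): host -> segment.
HOSTS = {"web01": "dmz", "mail01": "dmz", "app01": "app",
         "db01": "data", "ws01": "users", "ws02": "users"}

# Inter-segment flows the internal firewalls permit in the layered design.
ALLOWED_FLOWS = {("dmz", "app"), ("app", "data"), ("users", "dmz")}

def flat(src_seg, dst_seg):
    """Perimeter-only design: nothing filters traffic once inside."""
    return True

def segmented(src_seg, dst_seg):
    """Layered design: each segment is its own network; only listed flows pass."""
    return src_seg == dst_seg or (src_seg, dst_seg) in ALLOWED_FLOWS

def blast_radius(start, policy, hardened=frozenset()):
    """Hosts exposed to traffic from `start` in the worst case.

    Every exposed host that is not individually hardened is assumed to
    become a pivot; a hardened host is still exposed but relays nothing.
    """
    reached, queue = set(), deque([start])
    while queue:
        src = queue.popleft()
        for dst in HOSTS:
            if dst == start or dst in reached:
                continue
            if policy(HOSTS[src], HOSTS[dst]):
                reached.add(dst)
                if dst not in hardened:
                    queue.append(dst)
    return reached

if __name__ == "__main__":
    cases = [("perimeter only", flat, frozenset()),
             ("segmented", segmented, frozenset()),
             ("segmented + hardened app01", segmented, frozenset({"app01"}))]
    for name, policy, hardened in cases:
        print(f"{name}: {sorted(blast_radius('web01', policy, hardened))}")
```

Comparing the three results shows the layered claim directly: segmentation keeps the user workstations out of reach, and securing an individual system inside a segment stops the path to the data segment.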
A passive security approach takes few or no steps to prevent an attack.
A dynamic security approach, or proactive defence, is one in which steps are taken to prevent attacks before they occur, for example by deploying an intrusion detection system (IDS).
Hybrid Security Approach
One can have a network that is predominantly passive but layered, or one that is primarily perimeter, but proactive. Considering approaches to computer security along a Cartesian coordinate system, with the x axis representing the level of passive-active approaches and the y axis depicting the range from perimeter to layered defence, can be helpful. The most desirable hybrid approach is a layered paradigm that is dynamic.