Service Perimeter Guard

Service Perimeter Guard (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham)

How can services that run in a private network be made available to external consumers without exposing internal resources?

Problem

External consumers that require access to one or more services in a private network can attack the service or use it to gain access to internal resources.

Solution

An intermediate service is established at the perimeter of the private network as a secure contact point for any external consumers that need to interact with internal services.

Application

The service is deployed in a perimeter network and is designed to work with existing firewall technologies so as to establish a secure bridging mechanism between external and internal networks.

Impacts

A perimeter service adds complexity and performance overhead because it establishes an intermediary processing layer for all external-to-internal communication.

Architecture

The perimeter service processes the attacker's message and, upon determining its malicious intent, rejects it. This spares the underlying internal service from exposure and unnecessary security-related processing.
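
The screening step described above, sketched as an added example (not code from the pattern's authors): a perimeter service that accepts only allow-listed operations with strictly typed parameters and forwards the rest of the work to an internal endpoint. The JSON envelope, operation names, internal URLs, limits and the `forward` callable are all assumptions made for illustration.

```python
import json

MAX_BODY_BYTES = 4096  # assumed limit for this example

# Assumed allow-list: public operation -> (internal endpoint, parameter types).
# The internal URLs are hypothetical and are never returned to consumers.
ROUTES = {
    "GetInvoice": ("http://invoices.internal.example/get", {"invoiceId": str}),
    "ListOrders": ("http://orders.internal.example/list",
                   {"customerId": str, "limit": int}),
}

class Rejected(Exception):
    """Raised at the perimeter; the message never reaches an internal service."""

def screen(raw: bytes):
    """Validate one external message and return (internal_url, params)."""
    if len(raw) > MAX_BODY_BYTES:
        raise Rejected("message too large")
    try:
        msg = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError, RecursionError):
        raise Rejected("malformed message")
    if not isinstance(msg, dict) or set(msg) != {"operation", "params"}:
        raise Rejected("unexpected envelope")
    op, params = msg["operation"], msg["params"]
    if not isinstance(op, str) or op not in ROUTES:
        raise Rejected("operation not exposed")
    url, schema = ROUTES[op]
    if not isinstance(params, dict) or set(params) != set(schema):
        raise Rejected("unexpected parameters")
    for name, expected in schema.items():
        value = params[name]
        if type(value) is not expected:  # exact match, so True is not an int
            raise Rejected("wrong type for " + name)
        if expected is str and not (value.isascii() and value.isalnum()
                                    and len(value) <= 32):
            raise Rejected("illegal characters in " + name)
        if expected is int and not 1 <= value <= 100:
            raise Rejected(name + " out of range")
    return url, params

def handle(raw: bytes, forward):
    """Perimeter entry point; forward(url, params) calls the internal service."""
    try:
        url, params = screen(raw)
    except Rejected:
        # Generic answer: no internal names or validation detail leak outward.
        return {"status": 400, "body": "request rejected"}
    return {"status": 200, "body": forward(url, params)}
```

In a deployment matching the Application section, only the perimeter host would be permitted through the inner firewall to the internal endpoints, so `forward` is the single path inward.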