4-20 Chapter 4 Hardening Computers for Specific Roles To provide protection, the perimeter network is made up of: A firewall that protects the front-end servers from Internet traffic. A set of "security-hardened" servers that support the services the application pro vides. You set up these servers so that dangerous Internet services, such as file sharing and Telnet, are disabled. A firewall that separates the back-end servers from the corporate networks and enables communication between the back-end servers and a few servers within the corporate network. Figure 4.3 shows a network with the Web, e-mail, and DNS servers placed in a single- layer perimeter network separate from the internal network. Internet Database Server Laptop Computer Router File Server Desktop Computer Firewall Messaging Server Firewall Web Server Print Server Internal Network DNS Server Perimeter Network Figure 4.3 Services placed in a single-layer perimeter network A perimeter network is an important element for securing a site. You need to take addi tional security measures to protect data that the back-end servers store. You can also store extremely sensitive data or data that's needed elsewhere in your enterprise out- side the perimeter network, although doing so has negative performance implications and runs the risk, however small, of opening your corporate network to an attacker. A multilayer perimeter network consists of front-end servers, back-end servers, and firewalls. The firewalls protect the front-end servers from the public network and filter traffic between the corporate network and the back-end servers. A perimeter network