
11.1. The Basics

Two basic patterns in security policy are perimeter security and defense in depth.

  1. Perimeter security is like a castle with a high wall around it. Make a good wall, and you are free to do what you want inside. Put a good firewall at the entry to your network, and you don’t have to worry about what’s inside. Bellovin, Cheswick, and Rubin (2003) refer to this as the crunchy candy shell with the soft gooey center, or a policy of putting all your eggs in one basket and then making sure that you have a really good basket. The problem with perimeter security is that the crunchy candy shell is disappearing as wireless networks become common and as organizations cross-connect networks with partners.

  2. Defense in depth refers to placing security measures at all points in a network. For example, a firewall protects the organization from attacks via the Internet, an antivirus system scans each email message, antimalware software runs on each individual PC, and encryption is used between computers to ensure privacy and authentication.


  
