Episode 47 — Select Firewalls, Airgaps, and Software Defined Perimeters for Clear Boundaries
In this episode, we focus on a boundary problem that sits at the center of security architecture: choosing the right way to separate and protect systems so that trust does not spread farther than you intend. The title mentions three boundary approaches that sound very different, but they all try to answer the same question: how do we control who can reach what, and how do we make that control obvious and reliable? Firewalls are the most familiar option, often pictured as gatekeepers between networks. Airgaps represent the strongest form of separation, where systems are physically or logically isolated so there is no direct connection. Software Defined Perimeters, often abbreviated as Software Defined Perimeter (S D P), represent a more identity-centered idea where access is granted based on strong verification and explicit authorization, and systems are not broadly visible to unauthorized users. The goal is not to memorize buzzwords, but to understand what each approach is good at, what it is bad at, and how to pick an approach that creates clear boundaries rather than confusing, brittle ones. Clear boundaries reduce risk because they limit unintended access paths and make it easier to monitor and enforce security decisions.
Before we continue, a quick note: this audio course is a companion to our course companion books. The first book is about the exam and provides detailed information on how to pass it best. The second book is a Kindle-only eBook that contains 1,000 flashcards that can be used on your mobile device or Kindle. Check them both out at Cyber Author dot me, in the Bare Metal Study Guides Series.
A good first step is to clarify what a boundary means in security architecture, because boundaries are not just lines on network diagrams. A boundary is a control point where you can enforce rules, log activity, and reduce the chance that one compromise spreads into another area. Boundaries can exist between the internet and internal systems, between business units, between user devices and servers, or between management functions and normal operations. Boundaries are needed because different systems have different exposure and impact, and you do not want every system to be equally reachable. Boundaries also help with containment, because when something goes wrong, you want to limit the blast radius. A fragile environment often has boundaries that exist in theory but not in practice, because there are alternate routes, broad exceptions, or unclear policies. Selecting a boundary approach is about choosing where to put control and how to make it strong enough to matter. The best boundary is one that matches how the organization actually operates and can be maintained without constant emergency exceptions.
Firewalls are a classic boundary tool, and the basic idea is that a firewall controls network traffic based on defined rules. Those rules can be based on source and destination addresses, ports, protocols, and sometimes higher-level context, and the firewall enforces whether traffic is allowed or blocked. The strength of firewalls is that they can provide a clear chokepoint between zones, making it harder for unauthorized traffic to pass. Firewalls also support logging, which helps defenders see what kinds of connections are being attempted, especially at boundary edges. However, firewalls can become fragile when rules become too broad or too complex, because teams add exceptions to solve immediate problems and rarely remove them later. Over time, the firewall can turn into a permissive patchwork that looks controlled but is full of hidden trust paths. Another limitation is that firewalls mainly govern reachability, not intent, so if an attacker uses legitimate credentials and allowed paths, a firewall may not stop them. Firewalls are powerful, but they must be designed with purposeful zones, minimal allowed flows, and strong governance to stay effective.
The best firewall designs begin with segmentation, meaning you define zones that represent different trust levels and then control traffic between those zones. A public-facing zone for exposed services should have tightly controlled inbound access and very limited outbound access. Internal application zones should allow only the flows needed for business processes, such as a specific service reaching a specific database. Management zones should be highly restricted, with access limited to approved administrative endpoints and paths. In this style of design, the firewall becomes a boundary enforcer rather than a general traffic router. Rule design should follow the idea of least privilege for networks, meaning allow only what is required and block everything else. Logging should focus on meaningful events, such as denied connections, unusual connection patterns, and administrative changes. When teams can explain why each firewall rule exists and what business purpose it supports, the firewall stays readable and defensible. When teams cannot explain rules, that is often a sign of boundary erosion.
Airgaps represent a very different boundary concept, because they aim to eliminate network connectivity between systems entirely. A true airgap means the protected environment has no direct connection to other networks, which reduces the risk of remote compromise through network pathways. Airgaps are often used for high-impact systems where the consequences of compromise are severe, such as safety-critical industrial environments, sensitive military systems, or certain high-security research environments. The main strength of an airgap is that it removes a large category of attacks that rely on network access, including scanning, remote exploitation, and many forms of data theft. However, airgaps can create operational challenges because systems still need updates, data transfer, and maintenance, and those needs often lead to controlled transfer processes. A common misconception is that an airgap automatically guarantees security, but the reality is that data transfer methods can become the attack surface. If removable media is used, it can carry malware across the gap, and if people follow inconsistent procedures, the airgap becomes more of a slogan than a reality.
Designing with airgaps requires careful thinking about what must cross the boundary and how, because business and mission needs do not disappear just because networks are separated. If data needs to move into the airgapped environment, you need controlled ingestion processes that validate and sanitize inputs. If data needs to move out, you need controlled export processes that reduce the chance of sensitive leakage. If updates are required, you need trusted update sources and repeatable verification steps so that updates do not introduce compromise. Airgapped systems also need monitoring and incident response plans, because if something goes wrong, you cannot rely on the same remote tools used in connected environments. This is where the airgap design becomes an architecture question rather than a simple isolation choice. The boundary is strong, but only if the transfer processes are strong and consistently followed. An airgap that depends on perfect human behavior without supportive controls can be surprisingly fragile.
Software Defined Perimeter (S D P) takes a more identity-centric approach to boundaries, and it is especially relevant in environments where networks are no longer cleanly inside versus outside. The idea is that instead of exposing systems broadly on a network and then protecting them with perimeter filters, you make systems effectively invisible or unreachable unless the user or device proves identity and is explicitly authorized. This shifts the boundary from a network location boundary to an access boundary based on identity, posture, and policy. In a simplified sense, S D P is about establishing a trusted connection only after verification, rather than allowing everyone to see and probe the system and then blocking most of them. This can reduce attack surface because unauthorized parties cannot easily discover services to attack. It also supports granular access, where a user might be allowed to reach one service but not others, even if those services are in the same environment. For beginners, it helps to see S D P as a way of making access conditional and targeted, rather than broad and location-based.
Even though S D P can improve boundary clarity, it can become fragile if it is treated as a magic replacement for good segmentation and good governance. S D P depends heavily on accurate identity, strong authentication, and correct authorization policy. If identity systems are weak, if authorization rules are overly permissive, or if access decisions are not logged and monitored, then S D P can simply hide a weak system behind a fancy door. Another risk is operational complexity, because S D P requires reliable policy management and clear understanding of who needs access to what. If policies are not maintained, users may be blocked from legitimate work, which can lead to pressure to create broad exceptions that weaken security. S D P also does not eliminate the need to protect the systems themselves, because once authorized access is granted, the user or device is still communicating with a real system that can have vulnerabilities. The boundary helps reduce exposure, but it does not remove the need for secure platforms and applications. A durable S D P design combines strong identity, careful policy, monitoring, and continued internal segmentation.
Choosing among firewalls, airgaps, and S D P is rarely an all-or-nothing decision, and part of architectural maturity is knowing when to combine approaches. Firewalls are excellent for enforcing zone boundaries and controlling network flows, especially in environments with stable network structures. Airgaps are appropriate when the cost of compromise is extremely high and operational needs can support strict separation and controlled transfers. S D P is attractive when users, devices, and services are distributed and you need access control to follow identity rather than network location. Many environments use firewalls to enforce coarse segmentation, then use identity-based controls like S D P principles to provide fine-grained access for users and services. Some use airgapped segments for the most sensitive operations while still connecting less sensitive parts of the environment. The key is to choose the approach that creates the clearest, most enforceable boundaries for the specific risk and operational model. Boundaries that are clear in design but chaotic in operation become weak quickly.
A practical way to evaluate boundary choices is to consider the threats you are trying to stop and the failures you can tolerate. If you mainly need to reduce accidental exposure and control predictable network flows, firewalls with good segmentation and policy may be the best fit. If you need to prevent remote access altogether and can manage controlled transfers, an airgap may be justified. If you need to reduce service discoverability and tightly control access across distributed environments, S D P principles may provide better security than trying to stretch traditional perimeters. You also consider monitoring and incident response, because boundaries that cannot be observed are hard to trust. Firewalls can provide traffic logs, airgaps require process logs and physical controls, and S D P relies on identity and access logs. You consider maintainability, because a boundary approach that teams cannot sustain will degrade into exceptions and workarounds. The most secure boundary is the one that remains secure after years of real operations.
When you step back, the thread connecting these three approaches is the desire for clear, enforceable separation of trust. Firewalls provide network-based control points that can enforce segmentation, but they require disciplined rule management to avoid gradual permissiveness. Airgaps provide strong isolation by removing connectivity, but they require robust transfer and maintenance processes to avoid becoming a false sense of security. Software Defined Perimeter (S D P) provides identity-centered boundaries that reduce exposure and support granular access, but it depends on strong identity, correct authorization, and careful governance. Selecting among them is about matching the boundary tool to the risk, the environment’s structure, and the operational realities of maintaining the control. When boundaries are chosen and designed thoughtfully, they reduce hidden trust paths, improve monitoring, and make containment faster when incidents occur. That is what it means to select boundary approaches for clarity rather than complexity.
