Chapter 8: Network Perimeter Security

Local area networks (LANs), personal area networks (PANs), wireless local area networks (WLANs), and wireless sensor networks (WSNs) exist on the edges of the Internet. These edge networks that are contained within individual organizations and households can be found at various locations across the Internet. In the early days of the Internet when most users were researchers, setting up a strong defense mechanism to protect an edge network was not a priority. However, within the current Internet that is much larger and deeper, edge networks with no protection or with limited protection are invaded time and time again by malicious intruders. In some cases, the intruder simply walks right into an unprotected edge network, and at other times, the intruder finds a way to break into one that is weakly defended.

Protecting an edge network against intruders, regardless of how well each individual computer is protected, is similar to protecting a city against intrusions in ancient times. In those days, a fortified wall was built around the city as a barrier separating the inside from the outside. There were three layers of defense. The first layer of defense to protect the internal networks was perimeter security, where entrance and exit points were reduced to only a few, and armed guards were posted at each of these points to check and question people when they tried to enter or leave the city. People who did not possess the appropriate documents ...

Get Introduction to Network Security, 2nd Edition now with the O’Reilly learning platform.