“Castle-and-moat” is a network security model in which no one outside the network can reach data on the inside, but everyone inside the network is trusted by default and can. Imagine an organization’s network as a castle and the network perimeter as a moat. Once the drawbridge is lowered and someone crosses it, they have free rein inside the castle grounds. Similarly, once a user or device connects to a network built this way (by plugging into the office LAN or authenticating to a VPN, for example), it can reach all the applications and data within that network. The security property rests entirely on where a connection comes from, not on who is making it or which resource it is for.
Organizations that use this model dedicate a lot of resources to defending their network perimeter, just as a castle might place the most guards near the drawbridge. They deploy firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and other security products that block most external attacks, but these controls are far less effective against an attacker who is already inside. A phished laptop, a stolen VPN credential, or a malicious insider starts with the same implicit trust as any other internal host and can move laterally to databases, file shares, and administrative interfaces that were never meant for it, which is how a single compromised endpoint turns into a data breach.
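The difference between a perimeter that trusts location and a policy that trusts identity and resource is easiest to see by evaluating the same traffic against both rulesets. The following toy first-match policy evaluator is an added example, not Cloudflare's code or configuration; the addresses, ports, service names and user identities are constructed for illustration, and the "zero trust"-style ruleset is one minimal per-resource policy, not a full implementation of that architecture.

```python
# Added example: a toy first-match firewall-policy evaluator used to contrast a
# castle-and-moat ruleset with a per-resource, identity-aware ruleset.
# Addresses, ports and identities are constructed for illustration; this is
# not Cloudflare's code or configuration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, List, Optional, Tuple

ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Flow:
    src: str                        # source IP
    dst: str                        # destination IP
    port: int                       # destination TCP port
    identity: Optional[str] = None  # authenticated principal, if known


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str = ANY                  # source CIDR
    dst: str = ANY                  # destination CIDR
    port: Optional[int] = None      # None matches any port
    identities: FrozenSet[str] = frozenset()  # empty set matches any identity

    def matches(self, flow: Flow) -> bool:
        if ip_address(flow.src) not in ip_network(self.src):
            return False
        if ip_address(flow.dst) not in ip_network(self.dst):
            return False
        if self.port is not None and flow.port != self.port:
            return False
        if self.identities and flow.identity not in self.identities:
            return False
        return True


def evaluate(policy: List[Rule], flow: Flow) -> str:
    """First matching rule wins; no match means deny (a default-deny perimeter)."""
    for rule in policy:
        if rule.matches(flow):
            return rule.action
    return "deny"


# Castle-and-moat: the perimeter exposes one web front end and denies everything
# else from outside, but any source inside 10.0.0.0/8 may reach anything inside.
CASTLE_AND_MOAT = [
    Rule("allow", src="10.0.0.0/8"),
    Rule("allow", dst="10.0.1.10/32", port=443),
    Rule("deny"),
]

# Per-resource policy: every internal service names who may reach it, on which
# port, and with which authenticated identity. Being inside grants nothing by itself.
PER_RESOURCE = [
    Rule("allow", dst="10.0.1.10/32", port=443),
    Rule("allow", src="10.0.1.10/32", dst="10.0.2.20/32", port=5432,
         identities=frozenset({"svc-web"})),
    Rule("allow", src="10.0.0.0/8", dst="10.0.3.30/32", port=22,
         identities=frozenset({"alice@corp"})),
    Rule("deny"),
]

# Constructed traffic. 203.0.113.0/24 is documentation address space standing in
# for the internet; 10.0.50.0/24 is the (hypothetical) laptop subnet.
FLOWS = {
    "internet -> web 443":          Flow("203.0.113.5", "10.0.1.10", 443),
    "internet -> db 5432":          Flow("203.0.113.5", "10.0.2.20", 5432),
    "web svc -> db 5432":           Flow("10.0.1.10", "10.0.2.20", 5432, "svc-web"),
    "phished laptop -> db 5432":    Flow("10.0.50.7", "10.0.2.20", 5432, "bob@corp"),
    "phished laptop -> bastion 22": Flow("10.0.50.7", "10.0.3.30", 22, "bob@corp"),
    "admin laptop -> bastion 22":   Flow("10.0.50.8", "10.0.3.30", 22, "alice@corp"),
}


def compare(flows: Dict[str, Flow] = FLOWS) -> Dict[str, Tuple[str, str]]:
    """Return {flow name: (castle-and-moat decision, per-resource decision)}."""
    return {name: (evaluate(CASTLE_AND_MOAT, f), evaluate(PER_RESOURCE, f))
            for name, f in flows.items()}


if __name__ == "__main__":
    for name, (moat, per_resource) in compare().items():
        print(f"{name:30} castle-and-moat={moat:5}  per-resource={per_resource}")
```

Both policies stop the outside attacker and both let the legitimate web service reach its database. The difference shows up in the two "phished laptop" flows: the castle-and-moat ruleset allows them because the laptop sits inside 10.0.0.0/8, while the per-resource ruleset denies them because neither the source nor the identity is one the database or the bastion has been told to accept.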
“Castle-and-moat” is not necessarily a deliberately chosen strategy; it is usually what a flat internal network behind a firewall becomes as it grows. The term came into use to contrast traditional network architecture with zero trust architecture, in which no request is trusted by default and each access to an application or data source is authenticated and authorized on its own, regardless of where on the network it originates.