The world is a wild place specially when we are talking about the Internet environment. There are multiple threads and multiple sources of attack. Organizations, in general, need to find the best ways to protect themselves and guarantee the continuity of their business online.
On of the best ways to build their defenses is creating different layers or zones in their infrastructures. Network security zoning mechanism allows an organization to manage a secure network environment by selecting the appropriate security levels for different zones of Internet and Intranet networks. It helps to effectively monitoring and controlling inbound and outbound traffic.
There are some different zones that we can define, the decision about which ones are going to be present in a concrete infrastructure needs to be carefully analyzed in each one of the cases. As a example, we are going to see a few of the possible zones we can implement.
- Internet zone: Obviously, this is not a zone that we can implement, is something that it is there and we just connect. In general, we can define this zone like an uncontrolled zone that it is outside of the boundaries of our organization.
- Internet DMZ: This is a controlled zone that provides a buffer between the internal network and the Internet.
- Production network zone: This is a restricted zone and it has strict access controls to prevent uncontrolled traffic.
- Intranet zone: It is a controlled zone with not heavy restriction, it is supposed to be in a controlled environment and only trusted systems and/or traffic can be found here.
- Management network zone: Highly restricted area or zone, with strong controls and strict policies to restrict the access of non authorized users and traffic.
As you can see, this is just a basic example list to exemplify some of the different zones we can implement in our networks.