Security Zone

A security zone is a specific portion of a network to which certain security protocols and guidelines apply. These protocols vary depending on the zone. Traditionally, the three layers of network security zones are 1) the outer zone, such as the Internet; 2) the zone in between, often including a firewall; and 3) the trusted inner or private network. This inner zone might be all of a company’s private resources, such as its connected networks, IP addresses, and applications. The outer zone is public and often requests access to parts of the private network: for example, an Internet user searching for the company’s webpage.

The in-between security zone is often known as a demilitarized zone (or DMZ). This middle zone is where the outer and inner networks interact. A firewall is typically deployed in this middle area; it filters traffic and requests from the public outer network to the private one. In a traditional network zone structure, a DMZ receives heavy monitoring because it is where Internet users or traffic from public networks are most likely to enter the private network and potentially access sensitive data. DMZs can include the places where internal and external servers communicate, like websites and Domain Name System (DNS) servers.

Traditional network segmentation vs. microsegmentation

Security zones typically rely on perimeter technology, such as firewalls, to filter all of the traffic and requests coming from outer networks. That’s traditional network segmentation: the entire private network of a company is surrounded by security measures. But inside, there is little to no protection. If an attacker does make it past the firewall, they have access to all of the internal network’s connected applications and platforms.

It’s better to implement microsegmentation, especially for larger organizations with more sensitive data. Microsegmentation establishes security zones within the private network as well, rather than trusting that every bit of traffic that passes through the firewall is safe. Establishing smaller security zones that each have their own protocols (which might vary depending on the application or platform) is better for big networks, because an attacker who gets into one zone does not automatically gain access to the others. Zero trust is a similar security approach.
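The difference between the two models can be checked with a small default-deny policy evaluator. This is an added example, not part of the original article; the zone names, address ranges, ports, and service inventory are all constructed assumptions. It lists what one internal host is permitted to reach under a perimeter-only policy and under a microsegmented one.

```python
import ipaddress

# Constructed zones and address ranges (assumptions, not from the article).
PERIMETER_ZONES = {"outer": "0.0.0.0/0", "dmz": "192.0.2.0/24", "inner": "10.0.0.0/8"}
MICRO_ZONES = {"outer": "0.0.0.0/0", "dmz": "192.0.2.0/24",
               "app": "10.1.0.0/16", "db": "10.2.0.0/16", "hr": "10.3.0.0/16"}

# A rule is (source zone, destination zone, destination port).
# A port of None means "any port". Flows matching no rule are denied.
PERIMETER_RULES = {("outer", "dmz", 443), ("dmz", "inner", 8443),
                   ("inner", "inner", None)}   # flat interior: everything trusted
MICRO_RULES = {("outer", "dmz", 443), ("dmz", "app", 8443),
               ("app", "db", 5432)}            # only the flows the apps need

def zone_of(ip, zones):
    """Return the zone whose range is the most specific match for ip."""
    addr = ipaddress.ip_address(ip)
    matches = [(ipaddress.ip_network(cidr).prefixlen, name)
               for name, cidr in zones.items()
               if addr in ipaddress.ip_network(cidr)]
    return max(matches)[1] if matches else None

def is_allowed(src, dst, port, zones, rules):
    """Default deny: pass only if a rule names this zone pair and port."""
    s, d = zone_of(src, zones), zone_of(dst, zones)
    return (s, d, port) in rules or (s, d, None) in rules

def reachable(src, services, zones, rules):
    """Names of the services (name -> (ip, port)) that src may connect to."""
    return sorted(name for name, (ip, port) in services.items()
                  if is_allowed(src, ip, port, zones, rules))

SERVICES = {  # constructed inventory of internal services
    "app-api": ("10.1.0.10", 8443),
    "orders-db": ("10.2.0.20", 5432),
    "hr-files": ("10.3.0.30", 445),
}
APP_HOST = "10.1.0.10"  # internal host assumed to be compromised

if __name__ == "__main__":
    print("perimeter only:", reachable(APP_HOST, SERVICES, PERIMETER_ZONES, PERIMETER_RULES))
    print("microsegmented:", reachable(APP_HOST, SERVICES, MICRO_ZONES, MICRO_RULES))
```

Both policies block the outer zone from reaching the database directly; they differ only in what a host already inside the network is allowed to reach.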






Jenna Phipps
Jenna Phipps is a writer for Webopedia.com, Enterprise Storage Forum, and CIO Insight. She covers data storage systems and data management, information technology security, and enterprise software solutions.
