Network zoning is the practice of dividing a network into distinct segments based on trust levels, function, and security requirements. The DMZ (Demilitarised Zone) is the most well-known zone — a segregated area between the external internet and the internal network that hosts public-facing services.
A flat network with no internal boundaries allows an attacker who compromises a single system to move freely to any other system. Network zones contain breaches by creating boundaries that require explicit permission to cross.
| Problem | Solution |
|---|---|
| Lateral movement after initial compromise | Zone boundaries restrict east-west traffic |
| All servers exposed to all users | Only necessary traffic flows between zones |
| Single breach compromises everything | Blast radius limited to the compromised zone |
| Compliance requirements (PCI DSS, ISO 27001) | Documented zones demonstrate control |
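
The containment effect described above can be checked against a policy before it is deployed. The following is an added example, not part of the original lesson: it computes the worst-case set of hosts reachable from one compromised host in a flat network, in a zoned network, and in a zoned network with one extra allow rule. Host names, zone assignments and rules are constructed for illustration, and traffic inside a zone is assumed to be unfiltered.

```python
from collections import deque

# Constructed inventory (host -> zone); all names are illustrative assumptions.
HOSTS = {
    "web01": "dmz", "mail-relay": "dmz",
    "app01": "internal", "hr-desktop": "internal", "fileserver": "internal",
}

# Cross-zone allow rules as (source zone, destination host); everything else is denied.
STRICT = {("internet", "web01"), ("internet", "mail-relay"), ("internal", "web01")}
# Same policy plus one exception letting the DMZ open connections to app01.
WITH_EXCEPTION = STRICT | {("dmz", "app01")}


def can_connect(src, dst, rules, zoned=True):
    """True if src may open a connection to dst under the given model."""
    if src == dst:
        return False
    if not zoned:                       # flat network: no internal boundaries
        return True
    if HOSTS[src] == HOSTS[dst]:        # assumption: traffic inside a zone is unfiltered
        return True
    return (HOSTS[src], dst) in rules   # cross-zone traffic needs an explicit rule


def blast_radius(start, rules=frozenset(), zoned=True):
    """Worst-case set of hosts reachable by chaining allowed connections from start."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for host in HOSTS:
            if host not in seen and can_connect(cur, host, rules, zoned):
                seen.add(host)
                queue.append(host)
    return seen - {start}


if __name__ == "__main__":
    print("flat:          ", sorted(blast_radius("web01", zoned=False)))
    print("zoned:         ", sorted(blast_radius("web01", STRICT)))
    print("zoned + 1 rule:", sorted(blast_radius("web01", WITH_EXCEPTION)))
```

The third case shows why each permitted crossing deserves review: one rule from the DMZ to a single internal host brings the worst-case reach back to the whole internal zone, because chaining continues inside the destination zone.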