From the course: Cyber Defense Infrastructure: Mitigating Cyber Risks and Preventing Security Incidents

Network segmentation and security zones

- Understanding the TCP/IP model gives you the context necessary to apply our next area of discussion, network segmentation. So what is network segmentation? Network segmentation is the practice of dividing a network into smaller, isolated segments, each with its own security controls, to limit the spread of attacks and improve management. Like the TCP/IP model, segmenting a network into security zones gives IT professionals and cybersecurity professionals a shared language to discuss security issues and mitigate problems should they arise. However, unlike the TCP/IP model, which explains how data flows across network layers, network security zones explain who gets access to what data given a specific organization's security needs.

There are three main zones: the internal, the DMZ, and the public zones. First, we have the internal zone. This is the most secure, trusted area, where resources and devices that are for internal use only, such as your corporate LAN, internal printers, endpoints, servers, etc., are configured with private IP addresses. This should not be accessible to those outside of your organization.

Second is the demilitarized zone, also known as the DMZ. This is partially exposed to the internet or external networks as the perimeter where resources and services accessible from outside the organization are hosted. It isolates public-facing services from the internal network and protects against external attacks with proxy servers, web servers, et cetera.

Third is the public zone. This is the least secure area, which refers to everything on the internet and is not in the control of an organization.

Now that you have a better understanding of the network security zones and the TCP/IP model, you can begin actively strengthening your cybersecurity infrastructure in a variety of ways, from implementing firewalls between zones, to network segmentation, and to VPNs. All security controls we'll cover in our next video.
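The three zones described above can be written down as an address-to-zone mapping plus a zone-to-zone policy, which is enough to audit a list of observed or proposed flows. This is an added example, not material from the course; the DMZ subnet, the sample flows, and the verdicts marked as assumptions are constructed for illustration.

```python
import ipaddress

# Assumed addressing plan (constructed): the DMZ has its own subnet,
# and any other RFC 1918 private address belongs to the internal zone.
DMZ_NETS = [ipaddress.ip_network("10.0.100.0/24")]
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def zone_of(addr: str) -> str:
    """Map an IP address to one of the three zones: internal, dmz, public."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in DMZ_NETS):       # check the DMZ first: it sits inside 10/8
        return "dmz"
    if any(ip in net for net in INTERNAL_NETS):
        return "internal"
    return "public"                              # everything outside the organization's control

# Zone-to-zone policy: (source zone, destination zone) -> verdict.
POLICY = {
    ("public", "dmz"): "allow",        # the DMZ hosts the externally reachable services
    ("public", "internal"): "deny",    # internal must not be reachable from outside
    ("dmz", "internal"): "review",     # assumption: needs a documented justification
    ("internal", "dmz"): "allow",      # assumption
    ("internal", "public"): "allow",   # assumption: outbound traffic is permitted
    ("dmz", "public"): "allow",        # assumption
}

def check_flow(src: str, dst: str) -> tuple:
    """Return (source zone, destination zone, verdict) for one flow."""
    s, d = zone_of(src), zone_of(dst)
    verdict = "allow" if s == d else POLICY[(s, d)]   # traffic inside a zone is not policed here
    return s, d, verdict

def audit(flows):
    """Return only the flows that cross zones in a way the policy does not plainly allow."""
    findings = []
    for src, dst in flows:
        s, d, verdict = check_flow(src, dst)
        if verdict != "allow":
            findings.append((src, dst, f"{s}->{d}", verdict))
    return findings

# Constructed sample flows (documentation and private address ranges only).
SAMPLE_FLOWS = [
    ("203.0.113.7", "10.0.100.10"),   # public -> dmz
    ("203.0.113.7", "10.0.5.20"),     # public -> internal
    ("10.0.100.10", "10.0.5.20"),     # dmz -> internal
    ("192.168.1.5", "10.0.100.10"),   # internal -> dmz
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```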
