Topologies and IDS • Chapter 7 429
Security Zones
The easiest way to think of security zones is to imagine them as discrete network segments holding systems that share common requirements. These common requirements can be:
■ The types of information they handle
■ Who uses them
■ What levels of security they require to protect their data
EXAM WARNING
A security zone is defined as any portion of a network that has specific
security concerns or requirements. Intranets, extranets, DMZs, and
VLANs are all security zones.
It is possible to have systems in a zone running different OSes, such as Windows Vista and NetWare 6.5. The type of computer, whether a PC, server, or mainframe, is not as important as the security needs of the computer. For example, consider a network that uses Windows Server 2003 machines as domain controllers, Domain Name System (DNS) servers, and Dynamic Host Configuration Protocol (DHCP) servers. There are also Windows XP Professional clients and NetWare 6.5 file servers on the network. Some users may be using Macintosh computers running OS X or OS 9, while others may be running one or more types of Linux or UNIX. This is an extremely varied network, but it may still have only one or two security zones. As stated earlier, what decides a computer's zone is its role and the security needs of the data it handles, not its type or OS.
In the early days of business Internet connectivity, the concept of security zones was developed to separate systems available to the public Internet from private systems available for internal use by an organization. A device that acted as a firewall separated the zones. Figure 7.2 shows a visual representation of the basic firewall concept.
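As an added example (not from the book), the following Python models the two ideas in this section: hosts are placed in zones by the segment they sit in and by the sensitivity of the data they handle, regardless of OS, and a firewall between zones allows only explicitly listed inter-zone traffic. The zone names, subnets, host inventory, data classifications and policy table are all constructed for illustration; the inventory mirrors the mixed-OS network described above and includes one host deliberately placed in the wrong zone so the check has something to find.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Data classifications, ordered from least to most sensitive (constructed
# labels for this example).
SENSITIVITY = {"public": 0, "internal": 1, "confidential": 2}


@dataclass(frozen=True)
class Zone:
    name: str
    network: str   # the network segment that implements the zone
    max_data: str  # most sensitive classification a host in this zone may handle


@dataclass(frozen=True)
class Host:
    name: str
    os: str        # recorded only to show it plays no part in zone placement
    ip: str
    data: str      # classification of the data the host handles


# Constructed zones: a DMZ for public-facing systems and an internal LAN.
# Anything outside these segments is treated as the public Internet.
ZONES = [
    Zone("dmz", "192.0.2.0/24", "public"),
    Zone("internal", "10.0.0.0/8", "confidential"),
]
INTERNET = Zone("internet", "0.0.0.0/0", "public")

# Constructed inventory modelled on the mixed-OS network described in the text.
HOSTS = [
    Host("dc1", "Windows Server 2003", "10.0.0.10", "confidential"),
    Host("files1", "NetWare 6.5", "10.0.0.20", "confidential"),
    Host("mac-ws7", "Mac OS X", "10.1.2.3", "internal"),
    Host("www1", "Linux", "192.0.2.10", "public"),
    # Placed in the DMZ despite handling confidential data: a zone violation.
    Host("hr-db", "NetWare 6.5", "192.0.2.50", "confidential"),
]

# Inter-zone policy enforced by the firewall between zones: each allowed
# (source zone, destination zone, destination port). Anything else is denied.
POLICY = {
    ("internet", "dmz", 443),       # public web traffic into the DMZ
    ("dmz", "internal", 5432),      # web tier to an internal database
    ("internal", "dmz", 22),        # admins managing DMZ hosts
    ("internal", "internet", 443),  # outbound browsing from the LAN
}


def zone_of(ip: str) -> Zone:
    """Map an address to its zone by the segment it sits in."""
    addr = ip_address(ip)
    for zone in ZONES:
        if addr in ip_network(zone.network):
            return zone
    return INTERNET


def misplaced_hosts(hosts=HOSTS) -> list:
    """Names of hosts whose data is more sensitive than their zone permits."""
    return [
        h.name for h in hosts
        if SENSITIVITY[h.data] > SENSITIVITY[zone_of(h.ip).max_data]
    ]


def evaluate(src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Decide a flow as the zone firewall would: traffic inside one zone never
    crosses the firewall, traffic between zones must match a policy entry."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src.name == dst.name:
        return "allow (same zone)"
    if (src.name, dst.name, dst_port) in POLICY:
        return "allow"
    return "deny"


if __name__ == "__main__":
    print("misplaced hosts:", misplaced_hosts())
    for flow in [("203.0.113.5", "192.0.2.10", 443),
                 ("203.0.113.5", "10.0.0.10", 445),
                 ("192.0.2.10", "10.0.0.20", 22)]:
        print(flow, "->", evaluate(*flow))
```

Running it reports `hr-db` as misplaced and shows that an Internet client reaching the DMZ web server on 443 is allowed, an Internet client reaching the domain controller on 445 is denied, and a DMZ host trying SSH into the file server is denied even though the reverse direction is permitted. Note that the `os` field is never consulted: the zone a host belongs in follows from its segment and the data it handles, which is the point the section makes.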
www.syngress.com