Types of Network Zones that we use ...

Published: June 21, 2021, 2:26 a.m.

Hello everyone, my name is Vijay Kumar Devireddy, and I am glad to have you back on my episode 52. Today we are discussing network zones.

When considering the architecture of your internal network, it's important to consider breaking your network up into multiple security zones. These can be further broken up into sub-zones through the use of subnetting, ACLs, firewall rules, and other isolation methods that help us prevent or shape the flow of data between the different portions of our network. Most networks are segmented into at least three different zones: the LAN, the WAN, and the DMZ.

LANs can be secured using private IPs, using anti-malware programs, and by placing your clients behind a router and its associated ACLs. WAN connections, on the other hand, should be monitored and firewalled to secure your networks against the threats they contain. The Internet is the world's largest WAN, and traffic crossing the Internet should be tunneled through a virtual private network when you want to keep it safe from prying eyes. This will increase your confidentiality. In fact, the TLS tunnels that are used in HTTPS connections are a type of VPN. So any time you're going to a website and you see that secure lock, there's actually a VPN being used between your web browser and the web server you're visiting.

In addition to our LAN and our WAN, the most common security zone that we use is what's known as a DMZ, or a De-Militarized Zone. This zone is focused on providing controlled access to publicly available servers that are hosted within your organizational network. For example, if you're self-hosting your web server and email servers inside your organization, it's a best practice to place them within your DMZ, and this is a tightly controlled zone with proper access control rules. This allows you to maintain precise control of the traffic that's going to be allowed between the inside, your LAN; the outside, the WAN; and the DMZ portions of the network.

To create a DMZ, multiple interfaces are used on your organization's firewall. You'll have a strict set of access control list rules that are going to be applied to those interfaces, and a public IP address is required for each server hosted within your DMZ. The purpose of creating security zones like a DMZ is to create this separation of critical assets. Not all devices in your network require the same level of protection. Some resources, such as file servers, are going to contain confidential information, like employee data, and this is going to require additional security being placed there. Instead of protecting every device to the same high level, we can create sub-zones inside of our networks based on the level of protection required.

In addition to these internal sub-zones, there may also be additional external zones that you need to create, such as an Extranet. Now, an Extranet is a specialized type of DMZ that's created for your partner organizations to access over a wide area network. It acts much like a DMZ, but it's not publicly accessible. This Extranet is also placed under additional network monitoring and scrutiny. For example, I access an Extranet every time I need to go to Excelous to order exam vouchers for my students in my ITIL and Prince2 courses. It's a part of their network that only their external partners, training partners like us, can have access to, and not the general public.

Conversely, on the other side, we have what's known as an Intranet. An Intranet is something that allows you to expand your internal network within your organization across multiple areas. This is usually done using VPN tunnels. So for example here, I have a couple of employees who work on the other side of the world. If they need to get access to our file servers, they can do that by logging in to our Intranet and get access to it through that secure connection.
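As an added illustration (not part of the original episode), the sketch below models the zones described above as subnets and the firewall's inter-zone ACL as a default-deny table, then decides whether a flow may cross between zones. The address ranges, partner range, ports, and the policy itself are constructed assumptions, not values from the episode.

```python
import ipaddress

# Constructed address plan (assumption): one subnet per zone named in the episode.
ZONES = {
    "LAN": ipaddress.ip_network("10.0.0.0/16"),         # private IPs, file servers
    "DMZ": ipaddress.ip_network("203.0.113.0/28"),      # public IPs for web and email
    "EXTRANET": ipaddress.ip_network("172.16.50.0/24"), # partner-facing servers
}
PARTNERS = [ipaddress.ip_network("198.51.100.0/24")]    # constructed partner range

# Inter-zone ACL (assumed policy): (source zone, destination zone) -> allowed TCP ports.
# Any pair or port not listed here is denied.
POLICY = {
    ("WAN", "DMZ"): {25, 443},
    ("LAN", "DMZ"): {25, 443},
    ("LAN", "WAN"): {80, 443},
    ("PARTNER", "EXTRANET"): {443},
    ("LAN", "EXTRANET"): {443},
}

def zone_of(addr):
    """Map an IP address to its security zone; unknown addresses are WAN."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    if any(ip in net for net in PARTNERS):
        return "PARTNER"
    return "WAN"

def decide(src, dst, port):
    """Return 'allow' or 'deny' for a TCP flow from src to dst on port."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        return "allow"  # same zone: the flow never crosses the zone firewall
    return "allow" if port in POLICY.get((src_zone, dst_zone), set()) else "deny"

def audit(flows):
    """Annotate each (src, dst, port) flow with its zones and the decision."""
    return [(s, d, p, zone_of(s), zone_of(d), decide(s, d, p)) for s, d, p in flows]

if __name__ == "__main__":
    sample = [  # constructed flows
        ("192.0.2.10", "203.0.113.5", 443),   # Internet client to DMZ web server
        ("192.0.2.10", "10.0.1.20", 445),     # Internet client to LAN file server
        ("203.0.113.5", "10.0.1.20", 445),    # DMZ server to LAN file server
        ("198.51.100.7", "172.16.50.8", 443), # partner to Extranet
    ]
    for row in audit(sample):
        print(row)
```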