A network security zones diagram is a perimeter-based methodology for mapping out a network and the assets on it. Each zone has its own requirements and its own security controls, chosen to protect the assets placed in that zone and to limit what an attacker who compromises one zone can reach in the next.
The following diagram shows different types of networks, each with its own set of security zones.
What is a Firewall?
A firewall is a device that enforces an access control policy between networks. It regulates the flow of traffic between networks according to a set of rules (the security policy): each packet, or the first packet of each connection, is compared against the rules in order, the first matching rule decides, and anything no rule explicitly allows is dropped. A firewall can be implemented in software (host-based or network-based) or as dedicated hardware. Beyond separating networks, firewalls are also commonly used to enforce Internet access policies and to block intrusion attempts.
Firewalls are also found on hosts such as servers, desktops, laptops, mobile devices, and printers/copiers. These run as software or firmware on the device itself and are usually referred to as personal or host-based firewalls. They are deployed on individual hosts because they provide a last line of defence tailored to that host's role, such as allowing only the ports the host actually serves, without adding security measures that would impact performance or other critical tasks on the host.
What is a DMZ (De-Militarized Zone)?
The Demilitarized Zone (DMZ) is a network segment between the Internet and an organization's internal network. The DMZ holds the publicly accessible servers, typically those running public-facing services such as web, FTP, email, or DNS; it is not uncommon to find both web servers and FTP servers there. Because these hosts are exposed to the Internet they are the most likely to be compromised, so mission-critical systems are kept out of the DMZ and the DMZ is only allowed to reach the specific internal services it needs (for example a web server talking to one database port). The purpose of a DMZ is to provide a layer of protection: an intruder who breaches a perimeter host gains a foothold in the DMZ, not in the internal network.
DMZs can be built in several different ways depending on your business needs and risk tolerance. In the simplest design a single firewall (or router) with three interfaces separates the Internet, the DMZ, and the internal network; the interface connected to the Internet is what we refer to as the external-facing or perimeter interface. A back-to-back design instead uses two firewalls, an external one in front of the DMZ and an internal one behind it, so that a flaw or misconfiguration in one device does not by itself expose the internal network.
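The two sections above describe a firewall policy as an ordered rule list with a default deny, and a DMZ as a zone that the Internet may reach on a few published ports but that must not be able to roam the internal network. The following is an added example, not code from the original page, of a zone-based packet filter that evaluates such a policy for a three-legged firewall. The zone ranges (203.0.113.0/24 for the DMZ, 10.0.0.0/8 for the internal network), the rule set, and the sample packets are all constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed zone layout for a three-legged firewall (one interface per zone).
# 203.0.113.0/24 is a documentation range and 10.0.0.0/8 a private range,
# both chosen only for the example.
ZONES = {
    "internet": [ip_network("0.0.0.0/0")],
    "dmz":      [ip_network("203.0.113.0/24")],   # public web, mail and DNS servers
    "internal": [ip_network("10.0.0.0/8")],       # workstations, databases
}


def zone_of(addr: str) -> str:
    """Longest-prefix match, so DMZ and internal ranges are not classified as internet."""
    ip = ip_address(addr)
    best, best_len = "internet", -1
    for name, nets in ZONES.items():
        for net in nets:
            if ip in net and net.prefixlen > best_len:
                best, best_len = name, net.prefixlen
    return best


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str                  # "tcp", "udp" or "any"
    dst_port: Optional[int]     # None matches any port
    action: str                 # "allow" or "deny"
    comment: str = ""

    def matches(self, src: str, dst: str, proto: str, dport: int) -> bool:
        return (self.src_zone == src and self.dst_zone == dst
                and self.proto in ("any", proto)
                and self.dst_port in (None, dport))


# Constructed policy. The firewall walks it top-down and applies the first match,
# so the narrow DMZ-to-database allow must sit above the broad DMZ-to-internal deny.
POLICY = [
    Rule("internet", "dmz",      "tcp", 80,   "allow", "public web"),
    Rule("internet", "dmz",      "tcp", 443,  "allow", "public web (TLS)"),
    Rule("internet", "dmz",      "tcp", 25,   "allow", "inbound mail"),
    Rule("internet", "dmz",      "udp", 53,   "allow", "authoritative DNS"),
    Rule("dmz",      "internal", "tcp", 5432, "allow", "web tier to database only"),
    Rule("dmz",      "internal", "any", None, "deny",  "compromised DMZ host must not reach inside"),
    Rule("internal", "dmz",      "any", None, "allow", "admins manage DMZ hosts"),
    Rule("internal", "internet", "any", None, "allow", "outbound access"),
]


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int) -> Tuple[str, str]:
    """Return (action, reason) for the first packet of a flow. Anything not
    explicitly allowed is denied, which is what keeps internet -> internal closed."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for rule in POLICY:
        if rule.matches(src, dst, proto, dport):
            return rule.action, rule.comment
    return "deny", "default deny"


if __name__ == "__main__":
    samples = [
        ("198.51.100.7", "203.0.113.10", "tcp", 443),   # internet -> DMZ web: allow
        ("198.51.100.7", "203.0.113.10", "tcp", 22),    # internet -> DMZ ssh: default deny
        ("198.51.100.7", "10.1.1.5",     "tcp", 443),   # internet -> internal: default deny
        ("203.0.113.10", "10.1.1.5",     "tcp", 5432),  # DMZ -> database: allow
        ("203.0.113.10", "10.1.1.5",     "tcp", 22),    # DMZ -> internal ssh: explicit deny
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(*pkt))
```

The evaluator only judges the initiating direction of a flow. A production firewall is stateful: it records the allowed connection and admits the return packets automatically, so return traffic never needs (and should never get) a broad reverse rule.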
What is a NAT?
Network Address Translation (NAT) is a technique for rewriting the IP addresses in packets as they pass through a network gateway from one IP network to another. When the gateway also rewrites the transport port numbers so that many inside hosts can share a single public address, it is called Port Address Translation (PAT), also known as NAT overload or masquerading. NAT allows one public IP address to be used by several computers on the inside of the gateway.
In other words, many private IP addresses on the inside of the gateway router share one public IP address on the outside. This conserves the limited number of public IPv4 addresses available on the Internet, reduces the cost of acquiring additional public addresses from ISPs, and allows organizations using private address space to connect to the Internet. NAT is not a security control in itself: hosts behind it are unreachable from outside only because an unsolicited inbound packet has no translation entry to match, so a stateful firewall policy is still required in front of them.
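To make the address sharing concrete, here is an added example (not code from the original page) of a PAT gateway's translation table. It shows two inside hosts that happen to use the same source port being mapped to distinct ports on one public address, the reply being mapped back to the right inside host, and why an unsolicited packet from the Internet is dropped. The public address 198.51.100.1, the inside 10.0.0.0/8 hosts, the remote 93.184.216.34, and the port range starting at 40000 are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


# A flow as seen from inside: (inside_ip, inside_port, remote_ip, remote_port, proto)
FlowKey = Tuple[str, int, str, int, str]


@dataclass
class PATGateway:
    public_ip: str
    next_port: int = 40000  # constructed start of the translation port range
    flows: Dict[FlowKey, int] = field(default_factory=dict)                 # flow -> public port
    by_port: Dict[Tuple[str, int], FlowKey] = field(default_factory=dict)  # (proto, public port) -> flow

    def translate_out(self, pkt: Packet) -> Packet:
        """Rewrite an inside packet's source to the single public address.
        Two inside hosts using the same source port receive distinct public
        ports, which is what lets them share one address."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        if key not in self.flows:
            port = self.next_port
            self.next_port += 1
            self.flows[key] = port
            self.by_port[(pkt.proto, port)] = key
        return Packet(self.public_ip, self.flows[key], pkt.dst_ip, pkt.dst_port, pkt.proto)

    def translate_in(self, pkt: Packet) -> Optional[Packet]:
        """Reverse-translate a packet arriving at the public address.
        Returns None (drop) when no inside flow created the mapping, or when the
        sender is not the remote end of that flow. This incidental blocking of
        unsolicited inbound traffic is the only 'protection' NAT provides."""
        if pkt.dst_ip != self.public_ip:
            return None
        key = self.by_port.get((pkt.proto, pkt.dst_port))
        if key is None:
            return None
        inside_ip, inside_port, remote_ip, remote_port, _ = key
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port, pkt.proto)


if __name__ == "__main__":
    gw = PATGateway("198.51.100.1")
    # Constructed flows: two inside hosts both pick source port 50000 to the same web server.
    print(gw.translate_out(Packet("10.0.0.5", 50000, "93.184.216.34", 443)))
    print(gw.translate_out(Packet("10.0.0.6", 50000, "93.184.216.34", 443)))
    # Reply for the second flow, and a port scan from an unrelated host.
    print(gw.translate_in(Packet("93.184.216.34", 443, "198.51.100.1", 40001)))
    print(gw.translate_in(Packet("192.0.2.9", 12345, "198.51.100.1", 40001)))
```

The gateway keys its mappings on the full 5-tuple (an endpoint-dependent mapping, the behaviour of most consumer and enterprise NAT devices); NAT types that key only on the inside address and port let any remote host reach the mapped port, which is the case NAT traversal tools exploit and a firewall must cover.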
What is a VPN (Virtual Private Network)?
A VPN extends a private network across a public network infrastructure such as the Internet, or another intermediate network, by providing authenticated, encrypted connections for data communication. Individuals and organizations use VPNs to connect remote sites or remote users over an untrusted public network such as the Internet. VPNs provide several layers of security and privacy: authentication of the peers (so only the intended endpoints can establish the tunnel), encryption of the data (so an observer on the public network sees only ciphertext), and an integrity check on each message (so a packet that was modified in transit is detected and dropped rather than decrypted and forwarded).
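The three properties just listed are easiest to see at the level of a single tunnelled packet. The following is an added example, not code from the original page or from any VPN product, of the encapsulation a VPN applies to each packet: a shared secret is split into an encryption key and an integrity key, the packet is encrypted, then a tag is computed over the header and ciphertext (encrypt-then-MAC), and the receiver verifies the tag and rejects replays before decrypting. It goes slightly beyond the text by adding a sequence number for replay protection, which IPsec and WireGuard both do. Assumptions to keep it standard-library only: the keystream is HMAC-SHA256 run in counter mode as a stand-in for a real cipher (production VPNs use an AEAD such as AES-GCM or ChaCha20-Poly1305), the key derivation is a label-based HMAC rather than IKE's PRF or HKDF, peer authentication reduces to possession of the pre-shared key, and the pre-shared key and payloads are constructed.

```python
import hashlib
import hmac
import struct
from typing import Optional, Tuple

TAG_LEN = 32
HEADER = struct.Struct(">Q")   # 64-bit sequence number, sent in the clear but authenticated


def derive_keys(shared_secret: bytes) -> Tuple[bytes, bytes]:
    """Separate encryption and integrity keys from one pre-shared secret.
    Assumed label-based derivation for the example; real VPNs use HKDF or IKE's PRF."""
    enc = hmac.new(shared_secret, b"tunnel-enc", hashlib.sha256).digest()
    mac = hmac.new(shared_secret, b"tunnel-mac", hashlib.sha256).digest()
    return enc, mac


def keystream(enc_key: bytes, seq: int, n: int) -> bytes:
    """Illustrative PRF-in-counter-mode keystream (HMAC-SHA256 stands in for a cipher).
    The sequence number serves as the nonce, so no two packets reuse keystream."""
    out = b""
    block = 0
    while len(out) < n:
        out += hmac.new(enc_key, struct.pack(">QQ", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:n]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class TunnelSender:
    def __init__(self, shared_secret: bytes):
        self.enc_key, self.mac_key = derive_keys(shared_secret)
        self.seq = 0

    def protect(self, plaintext: bytes) -> bytes:
        """Encrypt, then authenticate header + ciphertext (encrypt-then-MAC)."""
        self.seq += 1
        hdr = HEADER.pack(self.seq)
        ct = xor_bytes(plaintext, keystream(self.enc_key, self.seq, len(plaintext)))
        tag = hmac.new(self.mac_key, hdr + ct, hashlib.sha256).digest()
        return hdr + ct + tag


class TunnelReceiver:
    def __init__(self, shared_secret: bytes):
        self.enc_key, self.mac_key = derive_keys(shared_secret)
        self.last_seq = 0

    def unprotect(self, packet: bytes) -> Optional[bytes]:
        """Return the plaintext, or None to drop. A bad tag (tampering, or a peer
        without the key) and a replayed or reordered sequence number are both
        rejected before any decryption happens."""
        if len(packet) < HEADER.size + TAG_LEN:
            return None
        hdr, ct, tag = packet[:HEADER.size], packet[HEADER.size:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.mac_key, hdr + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):     # constant-time comparison
            return None
        (seq,) = HEADER.unpack(hdr)
        if seq <= self.last_seq:                         # replay protection
            return None
        self.last_seq = seq
        return xor_bytes(ct, keystream(self.enc_key, seq, len(ct)))


if __name__ == "__main__":
    psk = b"constructed-pre-shared-key"          # constructed secret for the example
    sender, receiver = TunnelSender(psk), TunnelReceiver(psk)
    wire = sender.protect(b"GET / HTTP/1.1")    # constructed inner packet
    print("on the wire:", wire.hex())
    print("decrypted  :", receiver.unprotect(wire))
    print("replayed   :", receiver.unprotect(wire))
    print("wrong key  :", TunnelReceiver(b"other").unprotect(sender.protect(b"x")))
```

The strictly increasing sequence check drops legitimately reordered packets; real protocols keep a sliding replay window instead. The order of checks is the point to keep: verify integrity, then replay, then decrypt, so a forged packet never reaches the decryption path.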
What is a DMVPN (Dynamic Multipoint VPN)?
DMVPN is Cisco's dynamic multipoint VPN implementation, built on a hub-and-spoke topology. Spoke routers, whose public (NBMA) addresses may be dynamically assigned by their ISP, register those addresses with the hub using the Next Hop Resolution Protocol (NHRP) over a multipoint GRE tunnel, which is normally protected with IPsec. Once registered, a spoke can ask the hub to resolve another spoke's current address and then bring up a direct spoke-to-spoke tunnel, instead of sending all traffic through the hub.
DMVPN tunnels are established dynamically on demand and torn down when idle, so a new site only needs the hub's address to join. DMVPN can also be deployed with multiple hubs for redundancy. Each spoke has one interface facing the Internet, which serves as the tunnel source towards the hub, and another interface connecting to its local network. Together, the dynamic spoke-to-spoke tunnels and multi-hub designs provide higher availability and scalability than a statically configured mesh of site-to-site VPN tunnels.