Zones

A zone is a logical area of the network, defined by the administrator, in which devices with a similar trust level are placed. It groups together the services and data that require the same security policy, and each zone is associated with a security level or policy. Once a zone is created, interfaces are assigned to it, and traffic is then controlled by the policies applied between zones rather than by per-interface rules. A device may have interfaces in more than one zone (a firewall normally does), but a single interface can belong to only one zone. Zones may be subdivided further where finer-grained policy is needed, which raises the level of security.

Dividing the network into zones raises the level of security inside the organization, because traffic between zones must cross a policy enforcement point, whereas a flat network has none. WAN technologies such as MPLS (Multiprotocol Label Switching) and VPNs support this by isolating traffic flows and extending a security zone across sites. There is also a logical zone called the self zone, which represents the firewall device itself, that is, traffic sourced by or destined to the device (management sessions, routing protocols). Traffic to and from the self zone is allowed by default, but administrators can configure policies to restrict it.

A zone should be created with the following properties:

  • Its boundary must resist attack: traffic must not be able to bypass the enforcement point between zones
  • Traffic between zones must pass through that enforcement point, so that it can be audited and acted upon
  • The boundary must have traffic-inspection and traffic-filtering capabilities, with policies applied to every permitted direction

A typical deployment divides the network into three zones, as follows:

  • Inside zone/private zone: Also referred to as the trusted zone. Its interfaces connect to the organization's private network and it has the highest level of trust. Hosts in this zone must be protected from access originating in the other zones; no connection should be initiated into it from outside unless a policy explicitly allows it.
  • Outside zone/public zone: Referred to as the untrusted zone. Its interfaces connect to the internet or other public networks and it has the lowest level of trust. Strict policies should be applied to inspect and audit traffic arriving from this zone.
  • Demilitarized zone (DMZ): This zone sits between the trusted internal zone and the untrusted zones. Servers that must be reachable from the internet (for example web or mail servers) are placed here so that the untrusted zone never connects directly to the internal network. Policy permits the untrusted zone to reach only the published services on DMZ hosts, and permits the internal zone to reach the DMZ, but DMZ hosts are not allowed to initiate connections into the trusted zone. A compromised server in the DMZ therefore cannot be used as a pivot into the internal network, which is the additional layer of security the DMZ provides.
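
The three-zone layout above, together with the interface-to-zone and self-zone rules described earlier, expressed as a zone-based firewall configuration. This is an added example written in Cisco IOS zone-based policy firewall syntax; it is not from the original text, and the interface names, zone names, descriptions and the set of permitted protocols are assumptions chosen for illustration.

```cisco
! Added example: three-zone zone-based firewall. Interface names, zone names
! and permitted protocols are assumptions, not taken from the text.
!
! 1. Define the zones.
zone security INSIDE
 description Trusted corporate LAN
zone security OUTSIDE
 description Untrusted internet
zone security DMZ
 description Internet-facing servers
!
! 2. Assign each interface to exactly one zone.
interface GigabitEthernet0/0
 description Corporate LAN
 zone-member security INSIDE
interface GigabitEthernet0/1
 description ISP uplink
 zone-member security OUTSIDE
interface GigabitEthernet0/2
 description Server segment
 zone-member security DMZ
!
! 3. Classify traffic by protocol.
class-map type inspect match-any PUBLIC-SERVICES
 match protocol http
 match protocol https
class-map type inspect match-any INSIDE-TO-DMZ-SERVICES
 match protocol http
 match protocol https
 match protocol ssh
class-map type inspect match-any INSIDE-OUTBOUND
 match protocol http
 match protocol https
 match protocol dns
class-map type inspect match-any MGMT
 match protocol ssh
!
! 4. Policies: statefully inspect what is allowed, drop and log everything else.
policy-map type inspect OUTSIDE-TO-DMZ
 class type inspect PUBLIC-SERVICES
  inspect
 class class-default
  drop log
policy-map type inspect INSIDE-TO-DMZ
 class type inspect INSIDE-TO-DMZ-SERVICES
  inspect
 class class-default
  drop log
policy-map type inspect INSIDE-TO-OUTSIDE
 class type inspect INSIDE-OUTBOUND
  inspect
 class class-default
  drop log
policy-map type inspect INSIDE-TO-SELF
 class type inspect MGMT
  pass
 class class-default
  drop log
policy-map type inspect DENY-ALL
 class class-default
  drop log
!
! 5. Zone pairs: only these directions may initiate connections. Return traffic
!    is admitted by the stateful inspection, and any pair with no policy
!    (for example OUTSIDE -> INSIDE) is denied by default.
zone-pair security OUT-DMZ source OUTSIDE destination DMZ
 service-policy type inspect OUTSIDE-TO-DMZ
zone-pair security IN-DMZ source INSIDE destination DMZ
 service-policy type inspect INSIDE-TO-DMZ
zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-TO-OUTSIDE
! Explicit deny on DMZ -> INSIDE so that a compromised server cannot pivot
! inward, and so that the attempts are logged rather than silently dropped.
zone-pair security DMZ-IN source DMZ destination INSIDE
 service-policy type inspect DENY-ALL
! The self zone is allowed by default, so explicit pairs are needed to limit
! management of the firewall itself to SSH from INSIDE and nothing from OUTSIDE.
zone-pair security IN-SELF source INSIDE destination self
 service-policy type inspect INSIDE-TO-SELF
zone-pair security OUT-SELF source OUTSIDE destination self
 service-policy type inspect DENY-ALL
```

Two caveats a practitioner should check before deploying something like this. First, the self-zone pairs are deliberately strict: the OUT-SELF policy also drops routing-protocol, VPN and ICMP traffic addressed to the device from the outside, so any such traffic the device must accept has to be added to that policy. Second, there is no DMZ -> OUTSIDE pair, so DMZ servers cannot initiate outbound connections (for updates or DNS); if they need to, add a zone pair in that direction with a narrowly scoped class rather than loosening the inbound one.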

The following diagram shows the zones in the organization: