Security Zones: Definition & Purpose

Instructor: Toya Stiger

Toya has a masters of computer science in computer science and has taught college students as an adjunct instructor.

In this lesson, we will define a security zone and discuss the importance of these zones. We will also discuss the goals of a security zone and how they are established.

In the Security Zone

In today's world, network attacks happen every second and it is important for organizations to ensure that they have security features in place on their networks that will help reduce their risk of these types of attacks. One way to mitigate this is by creating security zones. A security zone is a segmented section of a network that contains systems and components with limited access to the internal network.

Security Layers

A network can have multiple security zones with several layers of security in each zone. The security levels are dependent on the data that needs to be protected. Critical data will have the highest levels of security features with the most restrictions. The main objectives of security zones are to protect the network, detect intruders, contain attacks, and prevent these interferences from reaching the internal network. Even with security zones in place on the network, each zone must still be able to maintain a level of communication. The systems and components on a network, regardless of the security zone they fall under, still share resources on the network, such as system logging, system audits, and access controls.

Within each security zone, there is a layer of trust or a trust zone that allows for the sharing of resources and communication between a higher level security zone and a lower level security zone. Take, for example, a web server that must be able to communicate with the application servers in order to ensure the data is published for users. In turn, the application servers must be able to communicate with the database servers in order to retrieve the necessary data. Even though each server is in a different security zone with different levels of security features, there is a trust zone in place that allows for the shared resources between each server.

Types of Security Zones

Before implementing security zones, you have to identify what you want to protect on your network. From there you can start establishing the different security zones. Let's discuss some of the security zones that can be established.

Uncontrolled Zone

The uncontrolled zone is public domain, such as the internet. It cannot be controlled by an internal organization and so this zone is deemed as un-trusted because it can be considered as a major security risk due to the limited controls that can be put into place in this type of zone.

Controlled Zone

The controlled zone might be an organization's intranet network or a demilitarized zone (DMZ). A DMZ is a sub-network of an organization's network. It can be physical or logical. A DMZ allows access to an un-trusted zone, such as the internet, but cannot reach back to the internal network system. An intranet is the internal network of an organization that is secured behind one or more firewalls and has a medium level of restrictions with certain controls in place to monitor network traffic. For example, a user might not be able to access a certain website from their normal workstation that is connected to the intranet. However, they may be able to access the website on a DMZ system, due to the lower level of restrictions.

Restricted Zone

The restricted zone is a highly controlled zone that must not have any type of access to an un-trusted zone. This zone can have mission-critical data and systems operating on it. This zone will have the highest level of security features and strict firewall rules in place to control all incoming and outgoing traffic.

Establishing Security Zones

When establishing security zones on a network, there are several factors that should be considered. These factors include identifying requirements, mapping communication patterns, creating an IP address schema for the enterprise, identifying network segmentation, identifying control points, and implementing access controls.

To unlock this lesson you must be a Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use

Become a member and start learning now.
Become a Member  Back
What teachers are saying about
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 200 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create an account