Front cover - IBM Redbooks

astion (sacrificial) host. But now we are seeing business demand for additional
services such as instant messaging, virtual meetings, collaborative workgroup
Web spaces, extranet and intranet portals, remote employee access, and the list
seems to keep growing. The three zone model with the DMZ as the middle limits
the flexibility we need to improve the levels of defense required by a diverse
number of services.
4.2.2 The four zone model
Moving forward, we define a zone in the simplest sense as a network segment or
subnet where all devices located in the same zone can connect to each other
without network or application-level filtering. Subnets provide a reliable method
of separating resources because the connections between subnets can be
controlled and regulated by the devices that are used to interconnect them.
By grouping our resources into security zones, we can keep resources with
similar security-related characteristics together. Another way to define a security
zone is: “a logical grouping of systems, networks or processes that have similar
levels of acceptable risk.” We also want to separate resources with different
security characteristics to limit an intruder’s potential areas of access or
influence. We call this model a multi-zone architecture.
The criteria used to group and separate resources vary by factors such as the
size of the organization, the number of different resources, geography, types of
data and their different levels of classification or sensitivity, and of course the
cost involved to build the infrastructure. In addition to dividing or segmenting the
network, we may need to utilize dedicated servers for specific functions in order
to provide the maximum level of separation. In this section we discuss methods
to segment networks and provide recommendations regarding the separation of
certain key services.
Chapter 4. Security components and layers 137