LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

How does network segmentation improve security?

Split the network into isolated zones (DMZ, app, data, management) so breaching one doesn't hand the attacker the others — each boundary is another barrier.

Traffic passes Internet → DMZ → application zone → data zone, with the management zone reachable only by a separate path.

* Each zone boundary is another wall: a compromised DMZ web server still can't reach the databases two zones deeper. *

Divide systems into isolated zones so that compromise of one doesn't grant access to others.

Example architecture (4 zones):

Zone Contains Accessible From
DMZ Web servers, reverse proxies Internet
Application zone Business logic servers DMZ only
Data zone Databases Application zone only
Management zone Admin tools, monitoring Separate access path

Security benefit: An attacker who compromises a web server can't directly access the database — they must also compromise the application tier. Each segment is an additional barrier.

Segment by: Functionality (web vs database) AND sensitivity (public vs confidential data).

Go deeper:

From Quiz: SPRG / Secure Architecture & Design | Updated: Jul 14, 2026