Quiz Entry - updated: 2026.07.14
How does network segmentation improve security?
Split the network into isolated zones (DMZ, app, data, management) so breaching one doesn't hand the attacker the others — each boundary is another barrier.
* Each zone boundary is another wall: a compromised DMZ web server still can't reach the databases two zones deeper. *
Divide systems into isolated zones so that compromise of one doesn't grant access to others.
Example architecture (4 zones):
| Zone | Contains | Accessible From |
|---|---|---|
| DMZ | Web servers, reverse proxies | Internet |
| Application zone | Business logic servers | DMZ only |
| Data zone | Databases | Application zone only |
| Management zone | Admin tools, monitoring | Separate access path |
Security benefit: An attacker who compromises a web server can't directly access the database — they must also compromise the application tier. Each segment is an additional barrier.
Segment by: Functionality (web vs database) AND sensitivity (public vs confidential data).
Go deeper:
Wikipedia — Network segmentation — splitting a network into zones to contain lateral movement.
Wikipedia — DMZ (computing) — the public-facing buffer zone and single- vs dual-firewall designs.