Zone-Based Security
This is the method of dividing a network into smaller, isolated sections to control traffic flow and improve security.
What is network segmentation?
This zone acts as a buffer between your private network and the public internet.
What is a DMZ (Demilitarized Zone)?
This type of system monitors traffic but doesn’t take action to stop threats.
What is an IDS (Intrusion Detection System)?
These are smart devices that connect to the internet, like fridges, lights, and speakers.
What are IoT devices?
This satellite-based system is used to determine your device’s outdoor location.
What is GPS (Global Positioning System)?
These network sections each have their own security rules and trust levels.
What are security zones?
Devices like web servers that interact directly with the internet are called this.
What are internet-facing hosts?
This type of detection compares traffic against known attack patterns.
What is signature-based detection?
This industrial version of IoT is used in environments like power plants and factories.
What is IIoT (Industrial Internet of Things)?
This system is used to determine a device’s location indoors using Wi-Fi or Bluetooth signals.
What is IPS (Indoor Positioning System)?
This level of trust is assigned to areas like employee workstations—not the most secure, but still managed.
What is a medium-trust zone?
This type of firewall setup uses two firewalls: one for the internet and one for the internal LAN.
What is a screened subnet?
This type of system can actively block, reset, or shun malicious traffic.
What is an IPS (Intrusion Prevention System)?
These components of ICS receive data from sensors and send signals to control machines.
What are actuators?
This is a virtual boundary that triggers actions when a device enters or exits.
What is geofencing?
These two tools are often used to control what traffic is allowed between different zones.
What are firewalls and proxy servers?
This type of firewall/router setup has three interfaces for Internet, DMZ, and LAN.
What is a triple-homed firewall?
This is the downside of anomaly-based detection, where legitimate behavior might be flagged.
What are false positives?
This system is used to control industrial systems across multiple remote locations.
What is SCADA (Supervisory Control and Data Acquisition)?
This type of surveillance camera can move and zoom to cover wide areas.
What is a PTZ camera?
This is the primary reason why applying policies to zones instead of individual devices makes security management easier.
What is centralized rule enforcement or simplified administration?
This device sits in the DMZ and monitors/filters requests between internal and external networks.
What is a proxy server?
This is where you usually place an IDS in the network for maximum visibility while staying hidden.
What is behind the firewall/passively on a mirrored port or TAP?
These small computers within ICS take inputs and issue commands to control industrial equipment.
What are Programmable Logic Controllers (PLCs)?
These newer cameras connect via network cable and often use Power over Ethernet.
What are IP-based cameras?