Topic: Architecture & Design — Networks, Segmentation, and Secure Models

🏛 Network Security Architecture

Segmentation

Breaking a network into smaller zones to limit damage.

Examples:

• VLANs
• Subnets
• DMZ
• Guest networks

DMZ (Demilitarized Zone)

A network segment for public-facing services (web, mail, DNS).

Keeps the internal network safe.

Firewall Types

• Packet-filter – basic rules
• Stateful – tracks connections
• Application firewall – Layer 7 filtering
• NGFW (Next-Gen Firewall) – adds IDS/IPS features