The DMZ has become the de facto standard for network segmentation. It is used to control network traffic between trusted and untrusted network zones. "Network traffic" is used here rather than "network connection" because the latter is not precise: a network cable may connect two components, but what matters is the traffic flowing through it.
Network zoning is typically implemented by a network firewall. More functions, such as anti-malware protection, site filtering and application request screening, are being added to the network firewall, making it the so-called next-generation (NG) firewall.
To enhance customer confidence, there is third-party accreditation for firewall cybersecurity.
No matter how securely the component is manufactured and deployed, the important aspects of maintaining a secure network perimeter are:
- Proper design, i.e. placing the firewall(s) at the correct network node
- Proper configuration, i.e. device management and least-privilege firewall rules
- Periodic assessment, i.e. validating that the configuration is still valid (don't retain the associated firewall rules after a system has been retired)
- Proper maintenance, i.e. updating firmware over time, or refreshing with a new model when the current one is de-supported by the vendor
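The second and third points above (least-privilege rules and periodic assessment) can be checked mechanically. The following is an added example, not part of the original text and not tied to any particular firewall product: it assumes a simplified rule format and a constructed asset inventory, and flags allow rules that still reference hosts no longer in the inventory or that are far broader than least privilege.

```python
# Added example: periodic assessment of a firewall rule set.
# The Rule format, the inventory and the rules themselves are constructed
# assumptions, not the syntax of any real firewall.
from __future__ import annotations
from dataclasses import dataclass
import ipaddress

@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    service: str  # e.g. "tcp/8443", or "any"
    action: str   # "allow" or "deny"

# Constructed inventory: hosts the asset register still lists as active.
# 10.1.10.7 (an old DMZ web server) has been retired and removed from it.
ACTIVE_HOSTS = {"10.1.10.5", "10.1.10.6", "10.1.20.12"}

# Constructed rule set, loosely modelled on a DMZ-to-internal policy.
RULES = [
    Rule("web-to-app", "10.1.10.5/32", "10.1.20.12/32", "tcp/8443", "allow"),
    Rule("old-web-to-app", "10.1.10.7/32", "10.1.20.12/32", "tcp/8443", "allow"),
    Rule("mgmt-any", "any", "10.1.20.0/24", "any", "allow"),
    Rule("default-deny", "any", "any", "any", "deny"),
]

def _references_unknown_host(cidr: str, active: set[str]) -> bool:
    """True if cidr names a single host that is absent from the inventory."""
    if cidr == "any":
        return False
    net = ipaddress.ip_network(cidr, strict=False)
    return net.num_addresses == 1 and str(net.network_address) not in active

def assess(rules: list[Rule], active: set[str]) -> dict[str, list[str]]:
    """Return rule names grouped by finding type: stale or overly broad."""
    findings: dict[str, list[str]] = {"stale": [], "overly_broad": []}
    for r in rules:
        if r.action != "allow":
            continue  # a deny rule cannot grant excess access
        if _references_unknown_host(r.src, active) or _references_unknown_host(r.dst, active):
            findings["stale"].append(r.name)
        # An allow rule with "any" in two or more of src/dst/service is not least privilege.
        if sum(field == "any" for field in (r.src, r.dst, r.service)) >= 2:
            findings["overly_broad"].append(r.name)
    return findings

if __name__ == "__main__":
    for kind, names in assess(RULES, ACTIVE_HOSTS).items():
        print(f"{kind}: {names}")
```

Run against a real export, the same two checks would feed the "periodic assessment" step: stale rules are candidates for removal, and overly broad allow rules are candidates for tightening.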