Network Segregation Design
Segregating and separating devices on an enterprise network by their purpose and bringing them into isolated network segments is an important part in designing consistent network security. Following a strategy of not only differentiating between internal, external and a demilitarized zone minimizes the probability of malware spreading over a network between different systems. This so called lateral movement of threats spreading between different areas of a network.