Chapter 13. Separating Resources

Resource separation is one of the core network defense principles, and it is evident in many security-conscious designs. Grouping resources based on similarities in security-related attributes allows us to limit the attacker's area of influence if he gains access to a system inside the perimeter. The way that you group resources depends on their sensitivity, on the likelihood that they will be compromised, or on whatever criterion you choose as the designer.

We have applied the principle of resource separation throughout this book, perhaps without formally stating so. For example, we used screened subnets to host servers that were accessible from the Internet, presumably because their sensitivity and acceptable ...
