
Defining network zones

The Purpose of Organizing Access

Defining network zones is a key strategy in access organization and management. It involves segmenting a network into logical zones based on security requirements, asset types, or user roles. Network zones act as layers of defense, limiting the spread of threats. For example, if a breach occurs in one zone, it doesn’t automatically compromise the entire network. Zones ensure that only authorized users or devices can access sensitive areas, such as a database zone or critical application zone. By segmenting systems and data into different zones, the exposure to cyber threats is reduced.

Network zones enable granular access policies. For instance, users from the HR zone can access payroll systems but not production servers in the Engineering zone. This is often paired with role-based access control (RBAC) or tag-based systems. Segmenting assets into zones allows for better logging and monitoring. Audits become more straightforward since access policies and activities are well-organized. Defined zones help demonstrate adherence to regulatory requirements (e.g., GDPR, PCI DSS, HIPAA).

Network segmentation reduces congestion by isolating high-traffic or resource-intensive systems into dedicated zones. In case of an incident, defined zones allow faster containment. For instance, isolating the infected zone prevents lateral movement of attackers.

You can profile your network zones in the solution once and reuse them across the solution, which saves time compared with configuring them at multiple locations. Network zone profiles are used in user access policy and proxy settings.

An IP Segment is a range of IP addresses that you can map to a location. One location can have multiple IP segments and you can also describe an IP segment to suit your needs.

This chapter contains the following:

Steps to define Network zones

Classifying IP segments

Follow these recommended steps to add an IP segment:

  • Log in to Sectona and select Platform Configuration from the product navigator.

  • Navigate to IP Segments under the Common Masters section.

  • Click the +Add IP Segment button. This opens a form on the right of the page to add an IP segment.

  • Provide Segment Name, Location, and IP range.

  • Click Save and your IP Segment is defined.

  • By default, new network zones added to the system are in active mode.

You can add multiple network zones to the same location.
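
Because one location can hold several IP segments, it helps to check a planned segment list for ranges that intersect before entering it in the form. The following is an added example, not Sectona code: the segment names, locations, and the accepted range formats (IPv4 `first-last` or CIDR) are assumptions, and the page does not state how the product treats overlapping ranges.

```python
import ipaddress

# Constructed sample plan: (segment name, location, IP range). Hypothetical values.
PLAN = [
    ("HR-LAN", "Mumbai", "10.10.0.0/24"),
    ("ENG-LAN", "Mumbai", "10.10.1.0-10.10.1.255"),
    ("DB-ZONE", "Pune", "10.20.0.10-10.20.0.50"),
    ("VPN-POOL", "Pune", "10.10.1.128/25"),  # deliberately overlaps ENG-LAN
]

def parse_range(text):
    """Return (first, last) as integers for IPv4 'a.b.c.d-e.f.g.h' or CIDR input."""
    if "-" in text:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start is above range end: {text}")
        return int(lo), int(hi)
    # strict=True rejects CIDR input with host bits set, e.g. 10.10.1.5/24
    net = ipaddress.IPv4Network(text.strip(), strict=True)
    return int(net.network_address), int(net.broadcast_address)

def find_overlaps(plan):
    """List pairs of segment names whose address ranges intersect."""
    spans = sorted((parse_range(r), name) for name, _loc, r in plan)
    overlaps = []
    for i, ((_lo_a, hi_a), name_a) in enumerate(spans):
        for (lo_b, _hi_b), name_b in spans[i + 1:]:
            if lo_b > hi_a:
                break  # sorted by start address, so no later span can intersect
            overlaps.append((name_a, name_b))
    return overlaps

def locate(plan, address):
    """Return every (segment, location) whose range contains the address."""
    ip = int(ipaddress.IPv4Address(address))
    hits = []
    for name, loc, r in plan:
        lo, hi = parse_range(r)
        if lo <= ip <= hi:
            hits.append((name, loc))
    return hits

if __name__ == "__main__":
    print("overlapping segments:", find_overlaps(PLAN))
    print("10.10.1.200 maps to:", locate(PLAN, "10.10.1.200"))
```

An address that resolves to more than one location, as 10.10.1.200 does in the sample plan, is the case to resolve before zone-based access policies depend on these segments.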

Editing an existing IP segment classification

Follow these recommended steps to modify a predefined IP segment:

  • Log in to Sectona and select Platform Configuration from the product navigator.

  • Navigate to IP Segments under the Common Masters column.

  • Click on the network zone you wish to edit.

  • Click Save and your modified IP Segment is defined.
