What are security zones and how does network segmentation protect assets?

Security zones divide a network into segments with different trust levels and access controls, limiting lateral movement if an attacker compromises one zone. Common zones include the external untrusted zone or internet, the demilitarized zone or DMZ hosting public-facing services, the internal trusted zone for corporate resources, and restricted zones for sensitive systems like databases and financial applications. Firewalls, routers with access control lists, and virtual local area networks enforce boundaries between zones. ---