Security zones are among the few strategies that reap a return on the investment of planning, resources, and money. The traditional firewall segmentation concept is quickly becoming an old way of thinking about network security. Figure out which hosts in your network and enterprise should talk to each other, and forbid the rest by default. If you can accomplish this type of security zone isolation, you can provide an incredible amount of bang-for-the-buck protection. Security zone isolation is a lot of work, but it can easily stop one bad end-user or a weak branch office from compromising network.”]