Blueprint for Cyber Security Zone Modeling

Andrew Gontarczyk, Phil McMillan, Chris Pavlovski


The increasing need to implement on-line services for all industries has placed greater focus upon the security controls deployed to protect the corporate network. The need for cyber security grows further when IT solutions are built to operate in the cloud. As more business activities migrate to the on-line channel, the security protection systems must cater for a variety of applications, including access for enterprise users who are mobile, working from home, or situated at business partner locations. One set of key security measures deployed to protect the enterprise perimeter includes firewalls, network routers, and access gateways. In addition, a set of controls is in place for cloud-enabled IT solutions. Collectively, these components make up a set of protection systems referred to as the security zones. In this paper, a security zone model that has been deployed in practice for the industry is presented. The zone model serves as a design blueprint to validate existing architectures or to assist in the design of new cyber security zone deployments.


Cyber security; lateral movement; firewall zones; security zone model; cyber threats




This work is licensed under a Creative Commons Attribution 3.0 License.


IT in Industry ISSN (Online): 2203-1731; ISSN (Print): 2204-0595