Any network is going to be chopped up into individualized zones. Now, if you've been watching other episodes, you know we talked about things like LANs and WANs and such. But we're actually going to make it a little bit more granular than that. So what we're going to be doing, more than anything else, is talking about an individual local area network, or at most a small LAN, and some of the different pieces and chunks that we divide that LAN into. So the best way to get started with understanding the different types of zones that you're going to see on Security+ is to start with a good old basic local area network. Now, when you look at a local area network, you've always got some number of computers that are all connecting into one or more switches, generating their own broadcast domain.
The important thing I want to stress in terms of a zone, though, is that this type of local area network is going to be wired. We'll actually have physical Ethernet connections, using physical switches to do whatever it needs to do. So this is the core zone of just about any network. So what we want to do is build from that zone. And there are a lot of different things; you're going to see every one of these on the Security+. I also might add, all of these are covered in other episodes with a lot more depth. All I'm trying to do at this point is make sure that you're thinking in terms of zones, because there are a number of questions on the Security+ where you're asked to think about how this is all put together. So for right now, we're going to keep it a light touch.
And if you want more detail on DMZs or virtualization, I've got whole other episodes for it. So let's go ahead and get started with the first one, which is going to be a VLAN. So a VLAN simply means that we can take one or more physical switches and chop them up into separate broadcast domains. So let's imagine our local area network. In this case, I've got one switch. But what I'm going to do instead is let me just change some colors here.
So all of the different computers that are the same color are on their own broadcast domain. And if they're a different color, they're not even able to hear each other; they can't broadcast anything to each other. They would actually have to have a router to interconnect these different virtual local area networks. So VLANs are not only common, they're pretty much standard in all but the smallest of networks out there. Even my little company, Total Seminars, runs a number of different VLANs to allow us to have different zones. So I've got one zone that's really more for the front office and the accounting folks. We've got another zone that's for our video production, and it just makes it a little bit easier for us to provide good security by setting up VLANs.
The next type of zone I want to talk about is pretty much unique to people who are serving stuff out on the internet. And this is called a DMZ, or demilitarized zone. So if we start off with our little local area network, traditionally you're going to have some kind of router that protects your local area network from the big, bad, evil internet while still providing you connections. It's through that router that we get to Google or whatever it might be. But a DMZ actually uses two different routers. So what we can do is we can have our local area network, we could have our router connection, and then we're going to connect that router to another router, and then out to the internet.
By doing this, what we can now do is insert servers: web servers, file servers, VPN servers, whatever type of actual public-facing servers with public IP addresses, can be placed between these two routers. So the IP addresses between the two routers are public IP addresses. Usually, the IP addresses that are inside the local area network are private IP addresses; you can't get to those computers from the internet itself. The DMZ is a perfect tool for supporting servers. With what we call the front router, the gateway router, the one that's between our servers and the internet, we can provide strong firewall services there, while at the same time allowing the public internet to come in and be able to talk to these servers. If we've got a web server, we don't want to lock down the firewall to the point where nobody can even talk to it, right? That next firewall in, that's the one that really is going to protect our individual systems.
So it will block all incoming public internet stuff, unless somebody on the inside starts the conversation. So somebody way on the inside here can go ahead and open up a web browser and type www.google.com, and then, because they've started the conversation, when it comes back in, in that particular case, public IPs can come into your interior network. But within the DMZ, anybody can query any of those servers. And we want them to do exactly that. DMZs are, I'm not going to say they're gone, but there are a lot of new opportunities out there with cloud-based tools, where a traditional old-school DMZ with two routers is more rare than it used to be, but it's certainly on the exam.
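Here is the two-router DMZ just described, modelled as an added example (not code from the episode or from Total Seminars): the front router only admits traffic to published DMZ services, and the interior router is stateful, letting a packet into the LAN only when it is the reply to a flow a LAN host started. All addresses, ports and server roles are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (assumption, not from the episode): the segment between the
# two routers uses public space, the LAN behind the interior router uses private space.
DMZ_NET = ipaddress.ip_network("203.0.113.0/24")
LAN_NET = ipaddress.ip_network("192.168.10.0/24")
# Public-facing DMZ servers and the only (address, port) pairs the front router publishes.
PUBLISHED = {("203.0.113.10", 80), ("203.0.113.10", 443), ("203.0.113.20", 1194)}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class FrontRouter:
    """Gateway router: internet <-> DMZ. Only published services are reachable."""

    def inbound(self, p: Packet) -> bool:
        if ipaddress.ip_address(p.dst) in DMZ_NET:
            return (p.dst, p.dport) in PUBLISHED  # unpublished DMZ ports are dropped here
        return True  # anything bound further in is the interior router's call


class InteriorRouter:
    """Stateful router: DMZ <-> LAN. Inbound only for flows a LAN host started."""

    def __init__(self) -> None:
        self.sessions = set()

    def outbound(self, p: Packet) -> bool:
        if ipaddress.ip_address(p.src) not in LAN_NET:
            return False
        self.sessions.add((p.dst, p.dport, p.src, p.sport))  # remember the flow
        return True

    def inbound(self, p: Packet) -> bool:
        # Admit only a reply whose reverse 4-tuple matches a remembered LAN-initiated flow.
        return (p.src, p.sport, p.dst, p.dport) in self.sessions


def from_internet(front: FrontRouter, interior: InteriorRouter, p: Packet) -> str:
    """Walk an internet-originated packet through both routers; say where it ends up."""
    if not front.inbound(p):
        return "dropped at front router"
    if ipaddress.ip_address(p.dst) in DMZ_NET:
        return "delivered to DMZ server"
    return "delivered to LAN" if interior.inbound(p) else "dropped at interior router"
```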
The next thing I want to talk about is wireless networks. So if we start with our little local area network, we can do things like, for example, just plug a wireless access point into our switch, and then provide another zone of network called a wireless network. This is based on the 802.11 standard. That little wireless access point broadcasts out what we call an SSID, a service set identifier. And that's what you see when you get on your phone or on your laptop and you're looking at all those Wi-Fi names. That's really what those are: individual SSIDs.
So that gives us another set of connectivity. Now keep in mind that unless you do something special, a wireless connection is just as good as plugging a piece of Ethernet into a switch. So a lot of times, that's where we'll see people do things like, for example, set up a separate VLAN that's just for wireless clients to make a little separation, and maybe put a firewall between the wireless clients and your actual LAN itself. Now, after that, we have what the exam calls a guest network. Now, guest is an interesting name, because guest has so many different meanings to it.
For example, a guest network could be at a coffee shop where you're just providing public Wi-Fi to your patrons. A guest network could be something else: I've done a lot of work with the United States Department of Justice, and they need to be able to give defense attorneys a way to get to look at whatever evidence is being used against their clients. So they have to set up a little guest network, which manifests as nothing more than a piece of Ethernet that they can plug into. The important thing is that a guest network is pretty much always going to be a separate VLAN, one way or another. It is designed and protected because you're assuming that guests are not people who can log into your actual network. So it's very much a segmented, almost isolated zone that really is used for one specific job.
It can be wired, it could be wireless, but there's always going to be a VLAN and almost certainly some big firewall between the guest network and your real network, because we don't want those defense attorneys looking at anything else. So you have all of these different types of zones, but today probably one of the most common zones that we get into are virtualization zones. In virtualization, and again, we have whole episodes that cover this in more detail, we can take one computer and make it look like a gazillion individual computers. So here's my one computer. And what we do is just put a bunch of virtual machines on top of that. Actually, all of these machines are running within this one physical computer. In fact, with virtualization, whereas each system can be connected to your actual network, it's actually very common to have your own virtualized network.
So all of these computers can be their own little LAN, running together by themselves. And it just depends on what your application requirements are. So virtualization is used a lot when we think about zones. Now the last kind of zone, and this is an important one, is called an air gap. So let's imagine I've got two local area networks. Now, it's nothing for me to run a cable between two switches, and I can make these two local area networks become one larger local area network.
An air gap simply means a disconnect. We unplug different networks from each other to provide real isolation. When a system is not connected to any other systems, it is completely isolated. And this is actually very common. Did you know that here in the United States, we have the internet, which everybody uses, but there's another internet?
In fact, arguably, there are three other internets, and they're completely air gapped from each other. They're used by the United States Department of Defense. They're used by university research departments. And they are completely separate internets from the one that you get on Google with. So it's very, very common to see these types of air-gapped networks. All right, now, for the exam.
Just make sure you're comfortable conceptually with the idea of zones. Hopefully most of these terms you're familiar with. If not, don't worry about it. We've got plenty of episodes that will talk in detail about virtualization and VLANs and DMZs. You're just gonna have to poke around a little bit and find them, but they're there.