Resource separation is one of the core network defense principles, and it is evident in many security-conscious designs. Grouping resources based on similarities in security-related attributes allows us to limit the attacker's area of influence if he gains access to a system inside the perimeter. The way that you group resources depends on their sensitivity, on the likelihood that they will be compromised, or on whatever criterion you choose as the designer.

We have applied the principle of resource separation throughout this book, perhaps without formally stating so. For example, we used screened subnets to host servers that were accessible from the Internet, presumably because their sensitivity and acceptable ...