This brings us to the end of the chapter on separating resources. Our discussion focused on ways to isolate systems and processes based on their security requirements, while taking into account the budgetary and administrative overhead of segmenting resources in an overly granular manner. In the process, we discussed the advantages of limiting how resources interact with each other when crossing security zone boundaries. This approach to the design of the security perimeter allowed us to limit the scope of the influence an attacker would have if the network were compromised. We also examined some of the merits and disadvantages of employing VLANs to segregate systems. As you have seen, resource separation is an important technique for fortifying the layers of your defense-in-depth strategy. The extent of the appropriate isolation depends on your goals and capabilities, which are articulated when assessing your business needs and documented as part of your security policy.