Windows Server Domain Isolation
Network segregation configured with a simple policy: set up servers and computers to accept connections only from authenticated members of an isolated domain.
Typically, these deployments consist of a set of IPsec connection security rules, configured alongside the basic firewall design policies, that allow connections only from other members of a specified isolated domain. Once this rule is deployed, any inbound network traffic originating from outside the isolation domain fails authentication and is dropped.
Doing so provides a logical perimeter between servers and computers on the network, even spanning multiple domains in a forest, or forest trust relationships where two-way trusts are configured. Certain services such as DHCP, old-school WINS and proxy servers can be placed in a trusted zone by an exemption rule, because hosts must reach them before they are able to authenticate.
Other types of zones consist of:
- Isolated Domain: Computers that rely on authentication rules for network traffic.
- Boundary Zone: Computers within the isolated domain that also accept traffic from untrusted devices; a typical use case would be a DMZ or proxy server.
- Untrusted: Computers that are not managed by the organization and whose security posture is unknown.
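The following PowerShell script is an added example and is not part of the original page; it shows how the three zones above map onto Windows Defender Firewall connection security (IPsec) rules using the built-in NetSecurity cmdlets. The host addresses for the boundary zone and the exempt DHCP/WINS servers are constructed placeholders, and the rules are written to the local policy store; in a real deployment each zone's rule lives in its own Group Policy Object (the `-PolicyStore` value is an assumed example) filtered to that zone's computer group.

```powershell
# Added example: domain isolation zones as IPsec connection security rules.
# Placeholder addresses (constructed for this example; replace with your own).
$InfrastructureHosts = @("10.0.1.5", "10.0.1.6")   # placeholder: DHCP and WINS servers
$PolicyStore         = "PersistentStore"            # assumption: local store; a GPO would be "<domain>\<GPO name>"

# Phase 1 authentication set: Kerberos v5 machine credentials, so only computers
# joined to the domain (or a trusted forest) can complete the IPsec negotiation.
$kerberos = New-NetIPsecAuthProposal -Machine -Kerberos
$authSet  = New-NetIPsecPhase1AuthSet -DisplayName "Domain Isolation - Kerberos Machine Auth" `
                -Proposal $kerberos -PolicyStore $PolicyStore

function Set-DomainIsolationZone {
    # Creates the connection security rule for the zone this computer belongs to.
    param(
        [Parameter(Mandatory)]
        [ValidateSet("Isolated", "Boundary")]
        [string]$Zone
    )

    if ($Zone -eq "Isolated") {
        # Isolated domain: inbound connections MUST authenticate (unauthenticated
        # peers are dropped); outbound requests authentication but falls back to
        # clear text so members can still reach untrusted hosts such as the Internet.
        New-NetIPsecRule -DisplayName "Domain Isolation - Isolated Domain" `
            -InboundSecurity Require -OutboundSecurity Request `
            -Phase1AuthSet $authSet.Name -Profile Domain -PolicyStore $PolicyStore
    }
    else {
        # Boundary zone (DMZ / proxy): only REQUEST inbound authentication, so
        # untrusted devices that cannot authenticate are still able to connect,
        # while traffic from isolated-domain members remains authenticated.
        New-NetIPsecRule -DisplayName "Domain Isolation - Boundary Zone" `
            -InboundSecurity Request -OutboundSecurity Request `
            -Phase1AuthSet $authSet.Name -Profile Domain -PolicyStore $PolicyStore
    }
}

# Authentication exemption: infrastructure that a host needs before it can obtain
# a Kerberos ticket (DHCP, WINS) is excluded by setting both directions to None.
New-NetIPsecRule -DisplayName "Domain Isolation - Exempt Infrastructure" `
    -InboundSecurity None -OutboundSecurity None `
    -RemoteAddress $InfrastructureHosts -Profile Any -PolicyStore $PolicyStore

# Apply the rule for this computer's zone (change to "Boundary" on DMZ/proxy hosts).
Set-DomainIsolationZone -Zone "Isolated"

# Verification: list the rules just created, then confirm that main mode security
# associations are actually being negotiated with domain peers.
Get-NetIPsecRule -PolicyStore $PolicyStore |
    Where-Object DisplayName -like "Domain Isolation*" |
    Format-Table DisplayName, InboundSecurity, OutboundSecurity, Enabled
Get-NetIPsecMainModeSA | Format-Table LocalEndpoint, RemoteEndpoint, RemoteFirstId
```

Two points worth checking after deployment: `Get-NetIPsecMainModeSA` should show SAs only between domain members, and a host that is not domain-joined should be unable to open inbound connections to an isolated-domain member yet still able to reach boundary-zone hosts. Roll the rules out with `-InboundSecurity Request` on every zone first and switch the isolated domain to `Require` only after the SA view shows all expected peers authenticating, otherwise any machine outside the exemption list that cannot authenticate (including the DHCP and WINS servers, if they were forgotten) is cut off.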