The Industrial Demilitarized Zone

As discussed in Chapter 7, Physical ICS Security, in the Segregation exercise section, network segmentation should include decisions on where to place ICS-related systems within the Purdue model. Systems used mostly by office staff will end up in the Enterprise Zone. Systems that are used extensively by production users, or that need to communicate with production floor equipment, will move to the Industrial Zone and live on the ICS network. This separation leaves some systems and production processes with parts in both the Enterprise Zone and the Industrial Zone. To securely facilitate communication between those separated parts, and to allow secured administrative interactions into the Industrial Zone, the Industrial Demilitarized Zone (IDMZ) brokers these interactions between the Enterprise Zone and the Industrial Zone. Common broker services found in the IDMZ include the following:

  • Microsoft remote desktop gateway server
  • Managed file transfer server
  • Reverse web proxy server
  • Microsoft updates server (SCCM or WSUS)
  • Antivirus gateway server
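
The brokering model above can be checked against a firewall rule export. The following is an added example, not code from the book: it flags allow rules that let the Enterprise Zone and the Industrial Zone reach each other without terminating on an IDMZ broker. The subnets, rule names and rule format are constructed assumptions.

```python
import ipaddress

# Constructed zone addressing (assumption; substitute your own subnets).
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "idmz": ipaddress.ip_network("10.20.0.0/24"),
    "industrial": ipaddress.ip_network("10.30.0.0/16"),
}

# Constructed allow rules: (name, source CIDR, destination CIDR, destination port).
RULES = [
    ("rdg-in", "10.10.0.0/16", "10.20.0.10/32", 443),        # Enterprise -> RD gateway
    ("rdg-out", "10.20.0.10/32", "10.30.5.0/24", 3389),      # RD gateway -> Industrial
    ("wsus-sync", "10.30.0.0/16", "10.20.0.30/32", 8530),    # Industrial -> update server
    ("hist-direct", "10.10.4.0/24", "10.30.8.20/32", 1433),  # Enterprise -> Industrial
    ("wide-src", "10.0.0.0/8", "10.30.0.0/16", 22),          # source spans all zones
]

def zones_touched(cidr):
    """Return every zone a CIDR overlaps; a broad rule can span several."""
    net = ipaddress.ip_network(cidr)
    return {name for name, zone in ZONES.items() if net.overlaps(zone)}

def audit(rules):
    """Return (rule name, reason) for each rule that bypasses the IDMZ."""
    findings = []
    for name, src, dst, _port in rules:
        src_z, dst_z = zones_touched(src), zones_touched(dst)
        direct = ("enterprise" in src_z and "industrial" in dst_z) or (
            "industrial" in src_z and "enterprise" in dst_z
        )
        if not direct:
            continue  # flow starts or ends in the IDMZ only
        if len(src_z) > 1 or len(dst_z) > 1:
            reason = "rule spans several zones and includes a direct path"
        else:
            reason = "direct Enterprise/Industrial path with no IDMZ broker"
        findings.append((name, reason))
    return findings

if __name__ == "__main__":
    for rule_name, why in audit(RULES):
        print(f"{rule_name}: {why}")
```

Overly broad rules such as `wide-src` are reported separately because they hide a direct path inside an otherwise plausible range.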