The document outlines a network design that divides the network into public, semi-public, and private sections, with different servers like web, mail, and DNS in the semi-public DMZ section. It recommends a defense in depth approach, where the firewall, border router, and limited visibility between systems act as layers of protection, so if one system is compromised the consequences are minimized.