2.4 Explain the importance of implementing network segmentation - Paiet/Tech-Journal-for-Everything GitHub Wiki
- Why segment?
  - Reduce the attackable area of the network
  - To meet compliance standards
  - Distribute the workload
- Zone
  - Physical or logical boundary of a network
  - A line of demarcation from other zones
  - Each zone is specialized
- Conduits
  - Secure connection between zones
  - Usually employs firewalls and/or VPNs
- SCADA systems/Industrial control systems
  - Proprietary software that isn't updated regularly
  - Controls systems that may be harmful if used improperly
- Legacy systems
  - May not support newer security policies
  - Putting them on the same LAN as newer devices may lead to a compromise
- Separate private/public networks
  - Private networks are just that...PRIVATE
  - There is nothing on these networks that needs to be shared publicly
    - Trade secrets
    - Financial data
    - Employee data
    - Customer data
  - Segmenting guest data from private data
    - Guest VLAN, guest ports, guest AP SSID
- Honeypot/honeynet
  - Designed to draw attacks away from your actual network
  - Possibility of compromise is higher, so the honeynet should consist only of honeypots so that production machines aren't compromised as well
  - Isolated system for observing and data mining
  - Similar to an IDS
  - Isolated network for observing
- Testing lab
  - Testing devices are not for production use, but for testing possible issues before changes become production policy
  - Could be working with viruses
  - Separate equipment if possible
  - Identical to production network
  - Usually isolated
- Load balancing
  - Takes the strain off of any one device and distributes it among multiple devices
  - Network optimization
  - Performance optimization
- Security
  - Keeps private networks from being accessed by the public
  - DMZ
    - Web server front end
    - Database on back end
- Compliance
  - Government regulations may require segmentation of sensitive data
    - HIPAA
    - Government infrastructure
    - Financial institutions
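
The zone and conduit model in these notes can be checked against observed traffic. The following is an added example, not part of the original wiki: it maps addresses to zones and reports any cross-zone flow that does not match a defined conduit. The CIDR ranges, ports, flow-record format and sample records are constructed assumptions.

```python
import ipaddress

# Constructed zone plan: zone names follow the notes, CIDRs are illustrative.
ZONES = {
    "guest": "10.10.0.0/24",
    "dmz": "10.20.0.0/24",
    "private": "10.30.0.0/24",
    "scada": "10.40.0.0/24",
}
NETS = [(name, ipaddress.ip_network(cidr)) for name, cidr in ZONES.items()]

# Conduits: the only permitted cross-zone paths (src zone, dst zone, proto, port).
CONDUITS = {
    ("external", "dmz", "tcp", 443),  # public -> web server front end
    ("dmz", "private", "tcp", 5432),  # web front end -> database back end
}

# Constructed flow records in the assumed format "src dst proto dst_port".
SAMPLE_FLOWS = [
    "203.0.113.7 10.20.0.10 tcp 443",  # public to DMZ web server
    "10.20.0.10 10.30.0.5 tcp 5432",   # DMZ web server to database
    "10.10.0.23 10.30.0.5 tcp 445",    # guest reaching the private network
    "10.30.0.8 10.30.0.5 tcp 445",     # traffic inside the private zone
    "10.10.0.23 10.40.0.2 tcp 502",    # guest reaching the SCADA zone
    "203.0.113.7 10.30.0.5 tcp 5432",  # public straight to the database
]

def zone_of(ip):
    """Map an address to its zone; anything outside the plan is 'external'."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in NETS if addr in net), "external")

def audit(flow_lines):
    """Return (line_no, src_zone, dst_zone, reason) for flows lacking a conduit."""
    findings = []
    for n, line in enumerate(flow_lines, 1):
        try:
            src, dst, proto, port = line.split()
            key = (zone_of(src), zone_of(dst), proto.lower(), int(port))
        except ValueError:  # wrong field count, bad address or bad port
            findings.append((n, None, None, "unparseable"))
            continue
        if key[0] == key[1] != "external":
            continue  # intra-zone traffic never crosses a conduit
        if key not in CONDUITS:
            findings.append((n, key[0], key[1], "no conduit"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

Because no conduit is defined for the guest or SCADA zones, every flow into or out of them is reported, which matches the intent of isolating those segments.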