Network segmentation cheat sheet

This project publishes best practices for segmenting a corporate network. The schemes are general and suitable for any company.

Best Practice for Network Segmentation


What is this?

This project publishes best practices for segmenting corporate networks, organized as four levels of increasing isolation and cost. The schemes presented are generic and suitable for any company.


Where can I find diagrams?

The graphic diagrams are available on the Releases page of the project.


Schematic Symbols

Elements used in the network diagrams:

  • A rectangle denotes a network segment. A connection that crosses the border of a rectangle crosses a firewall, i.e. that traffic is filtered.

Level 1: Basic Segmentation

Basic segmentation that protects against simple targeted attacks by making it harder for an attacker to move through the network. The production environment is isolated from the corporate one at a basic level.

Advantages:

  • Protects against basic targeted attacks.
  • Isolates the productive environment from the corporate one.

Disadvantages:

  • The corporate network as a whole must be treated as potentially compromised.
  • Workstations of ordinary users, and the administrators' workstations that sit alongside them in that potentially compromised network, have both user-level and administrative access to the production network.

Protection against this attack vector

  • Deploy the maximum number of security controls on the corporate network.
  • Monitor for suspicious events in real time and respond immediately.
  • Or: segment the network according to the Level 2 requirements.

Level 2: Adoption of Basic Security Practices

The corporate network is split into more segments, and the main supporting infrastructure is fully duplicated for the production network, so that production no longer depends on corporate services such as:

  1. mail relays;
  2. internal sites and services;

Advantages:

  • More network segments in the corporate network.
  • Duplicated supporting infrastructure for the production network.

Disadvantages:

  • High costs of information security tools and information security specialists.

Level 3: Advanced Deployment of Security Practices at Scale

Each production and corporate service has its own set of networks (Tier I, Tier II, Tier III). The production environment is accessed only from isolated computers.

Advantages:

  • Each production and corporate service has its own networks.
  • Access to the production environment is limited to isolated computers.

Disadvantages:

  • High costs of information security tools and information security specialists.
  • Requires separate workstations for access to the production network.

Level 4: Advanced Deployment of Security Practices at Scale

As in Level 3, each production and corporate service has its own set of networks (Tier I, Tier II, Tier III) and the production environment is accessed only from isolated computers. In addition, each isolated computer has:

  1. no incoming access from anywhere except remote corporate laptops connecting over VPN;
  2. no outgoing access to the corporate network.

Advantages:

  • Strong protection of the production environment from spear phishing.
  • Limited access to the production environment.

Disadvantages:

  • Requires separate workstations for access to the production network.
  • High costs of information security tools and information security specialists.
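To make the difference between Level 1 and Level 4 concrete, the following Python model is an added example; it is not part of the cheat sheet or its diagrams. It encodes each segment as a zone and each flow the firewall permits as a directed edge, then asks which zones an attacker who holds a phished corporate workstation can reach, and whether the isolated admin hosts honour the two Level 4 rules. The zone names, the flow lists, and the assumption that ordinary users keep front-end access to production applications at Level 4 are the example's own, not the page's.

```python
"""Reachability model of the segmentation levels described above.

Added illustration; it is not part of the cheat sheet or its diagrams.
Zone names and permitted flows are assumptions chosen to match the text
of Level 1 and Level 4. A real check would load the flows from the
deployed firewall policy instead of the literals below.
"""
from collections import deque

CORPORATE_ZONES = frozenset({"corp_ws", "corp_admin_ws", "corp_services"})

# Level 1: one corporate rectangle, one production rectangle, a firewall between.
# Each pair (src, dst) is a flow the firewall permits; anything absent is dropped.
LEVEL_1_FLOWS = frozenset({
    ("internet", "corp_ws"),             # mail and web reach users: the phishing entry point
    ("corp_ws", "corp_admin_ws"),        # flat corporate LAN: lateral movement is unfiltered
    ("corp_admin_ws", "corp_ws"),
    ("corp_ws", "corp_services"),
    ("corp_admin_ws", "corp_services"),
    ("corp_ws", "prod_services"),        # users' basic access to production
    ("corp_admin_ws", "prod_services"),
    ("corp_admin_ws", "prod_admin"),     # administrative access from the corporate network
    ("prod_services", "corp_services"),  # production still depends on corporate mail relays etc.
})

# Level 4: duplicated supporting infrastructure (prod_support) and isolated admin
# hosts reachable only from the VPN, with no flow back into the corporate zones.
LEVEL_4_FLOWS = frozenset({
    ("internet", "corp_ws"),
    ("corp_ws", "corp_services"),
    ("corp_ws", "prod_services"),          # assumption: users keep front-end access to production apps
    ("prod_services", "prod_support"),     # production's own mail relays and internal services
    ("remote_laptops", "vpn"),             # remote corporate laptops authenticate to the VPN
    ("vpn", "isolated_admin_ws"),          # the only inbound flow to the isolated hosts
    ("isolated_admin_ws", "prod_admin"),
    ("isolated_admin_ws", "prod_services"),
})


def _next_hops(flows, zone):
    """Destinations the firewall lets `zone` initiate connections to, in stable order."""
    return sorted(dst for src, dst in flows if src == zone)


def reachable(flows, start):
    """Zones an attacker who controls `start` can reach by chaining permitted flows."""
    seen = {start}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        for nxt in _next_hops(flows, zone):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen


def shortest_path(flows, start, target):
    """One shortest chain of permitted flows from start to target, or None if unreachable."""
    parent = {start: None}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        if zone == target:
            path = []
            while zone is not None:
                path.append(zone)
                zone = parent[zone]
            return path[::-1]
        for nxt in _next_hops(flows, zone):
            if nxt not in parent:
                parent[nxt] = zone
                queue.append(nxt)
    return None


def isolation_violations(flows, isolated, allowed_inbound, corporate_zones=CORPORATE_ZONES):
    """Check the two Level 4 rules for an isolated admin host and list every breach.

    Rule 1: no inbound flow except from `allowed_inbound` (the VPN zone).
    Rule 2: no outbound flow into any corporate zone.
    An empty list means the host is isolated as the level requires.
    """
    violations = []
    for src, dst in sorted(flows):
        if dst == isolated and src not in allowed_inbound:
            violations.append(f"inbound {src} -> {dst} is not from {sorted(allowed_inbound)}")
        if src == isolated and dst in corporate_zones:
            violations.append(f"outbound {src} -> {dst} re-enters the corporate network")
    return violations


if __name__ == "__main__":
    # Start from the asset the Level 1 text says must be treated as compromised.
    print("Level 1, from a phished user workstation:", sorted(reachable(LEVEL_1_FLOWS, "corp_ws")))
    print("  path to production admin:", shortest_path(LEVEL_1_FLOWS, "corp_ws", "prod_admin"))
    print("Level 4, from a phished user workstation:", sorted(reachable(LEVEL_4_FLOWS, "corp_ws")))
    print("  isolation violations:", isolation_violations(LEVEL_4_FLOWS, "isolated_admin_ws", {"vpn"}))
    # One "temporary" exception in each direction is enough to recreate the Level 1 path.
    broken = LEVEL_4_FLOWS | {("corp_ws", "isolated_admin_ws"), ("isolated_admin_ws", "corp_services")}
    print("Misconfigured Level 4 violations:", isolation_violations(broken, "isolated_admin_ws", {"vpn"}))
    print("  path to production admin:", shortest_path(broken, "corp_ws", "prod_admin"))
```

Run it directly to see both attack paths printed. The instructive case is `broken`: a single convenience exception in either direction (letting corporate workstations connect to the isolated hosts, or letting those hosts reach a corporate service) silently restores the Level 1 path from a phished user to production administration. That is why the two Level 4 rules are worth verifying against the deployed firewall policy rather than against the diagram alone; the remaining permitted inbound path, remote laptops over VPN, is the residual exposure the level accepts by design.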
