[go: up one dir, main page]
Scribd
Upload
67 views8 pages

Network Segmentation for Enhanced Security

Uploaded by

John Gablac
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
67 views8 pages

Network Segmentation for Enhanced Security

Uploaded by

John Gablac
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd

NETWORK SEGMENTATION

AND SECURITY
GROUP 3
Ednalinn Malana
John Moises Lara
JessaMhae Soratos
Ricka Joy Javier
Josephine Garcia
Mark Jefferson Manuel
Irish Joy Buendia
Network Segmentation and Security
 Network segmentation is a security practice the divides a network into
smaller, isolated segments to reduce attack surfaces and improve security.
By compartmentalizing parts of a network, segmentation helps control the
flow and traffic between different segments, making it harder for attackers
to move laterally(across systems) if they gain access to a part of the
network
Types of Network Segmentation

Physical Segmentation
 Physically separate networks using different hardware, like separate
switches and routers.
Logical Segmentation
 Use technologies like VLANs (Virtual Local Area Networks) to create isolated
segments within a shared infrastructure.
Micro-Segmentation
 Uses software to create very granular segments, often isolating individual
applications or workloads within a data center or cloud environment.
Benefits of Network Segmentation for
Security
Reduced Attack Surface
 By isolating parts of the network, attackers have fewer accessible paths.
Enhanced Access Control
 Segments can be tailored with specific policies to restrict access to sensitive
data.
Improved Threat Containment
 Compromised segments can be isolated, preventing an attacker from easily
accessing the entire network.
Compliance with Regulations
 Many standards, such as PCI-DSS, require network segmentation to protect
sensitive data.
Best Practices for Network Segmentation

Classify and Prioritize Assets


 Identify critical assets and prioritize segments around high-risk or sensitive areas, like
customer data or intellectual property.
Use Access Control Lists (ACLs)
 Limit who or what can access different segments with ACLs at switches, routers, or
firewalls.
Implement Firewalls Between Segments
 Place firewalls at boundaries to control traffic and inspect packets between segments.
Regularly Monitor and Test Segments
 Use intrusion detection and regular vulnerability scanning to ensure segmentation
boundaries remain intact.
Micro-Segment in High-Risk Environments
 In environments like data centers, use micro-segmentation to separate workloads for
even more granular control.
Challenges in Implementing Network Segmentation

Complexity and Maintenance


 Segmenting a network requires careful planning, and maintaining segments
can be complex as systems and applications change.
Balancing Security with Usability
 Strict segmentation can impact performance and the user experience if not
implemented carefully.
Integration with Legacy Systems
 Older systems may lack support for modern segmentation techniques,
complicating implementation.
Tools and Technologies for Segmentation
Firewalls
 Configure policies to control and inspect traffic at network boundaries.
VLANs and Switches
 Use VLANs to create isolated segments without needing separate hardware.
Network Access Control (NAC)
 Controls and monitors devices as they connect to network segments.
Software-Defined Networking (SDN)
 Allows centralized control to manage segment policies dynamically, often
used in data centers and cloud environments.
Zero Trust Security Model
 Implements strict access control, ensuring that no entity has free access
without authentication and authorization.
THANK YOU!!

You might also like