Demystifying Network Isolation and Micro-segmentation

A project management approach to designing, implementing, and operationalizing network isolation and micro-segmentation

  1. Spreadsheet of new subnets being created
  2. Revised/new network architecture diagrams
  3. List of affected enterprise applications
  4. List of required ports and protocols for enterprise applications affected by the migration

  1. DO separate printers onto their own network
  2. DO separate VOIP phones onto their own network
  3. DO only allow the ports needed by the applications. If you don’t know what they are, this is an opportune time to work more closely with the application owners than you ever have before and to better understand their applications and requirements. Schedule meetings with each app owner and document the ports, protocols, and traffic direction (which side initiates the connection) for each of their enterprise applications.
  4. DO define network security controls beyond VACLs (VLAN access control lists) for inspecting and acting on suspect traffic entering each VLAN.
  5. DO NOT treat the user VLANs as a trusted network.
  6. DO consider architecting the network in layers of trust, from high to low, like the layers of an onion.
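The deliverables and the DOs above amount to one procedure: inventory the subnets, get each app owner to sign off on the flows their application needs, turn that inventory into explicit allows with a default deny, and check any proposed rule against it. The following Python script is an added example of that workflow and is not code from the original article; the zone names, subnets, application names, and the CSV inventory are all constructed for illustration, and the rule text it emits is a generic notation rather than any vendor's ACL syntax.

```python
"""
Build a default-deny inter-VLAN ruleset from the documented application
flows and audit proposed rules against that inventory.
Added example: zones, subnets, applications and flows are all constructed.
"""
import csv
import io
from dataclasses import dataclass

# Trust layers in the onion model: a higher number is closer to the core.
# Printers and VoIP phones sit on their own networks, and the user VLAN
# is deliberately placed on the outermost, least trusted layer.
ZONES = {
    "users":    {"subnet": "10.10.0.0/16",  "trust": 1},
    "printers": {"subnet": "10.20.10.0/24", "trust": 1},
    "voip":     {"subnet": "10.20.20.0/24", "trust": 1},
    "app":      {"subnet": "10.30.0.0/24",  "trust": 2},
    "db":       {"subnet": "10.40.0.0/24",  "trust": 3},
}

# Constructed inventory: one row per flow the application owner signed off
# on, i.e. the "required ports and protocols" spreadsheet. src_zone is the
# side that initiates the connection, which records traffic direction.
INVENTORY_CSV = """\
application,src_zone,dst_zone,protocol,port
HRPortal,users,app,tcp,443
HRPortal,app,db,tcp,1433
Payroll,users,app,tcp,8443
Payroll,app,db,tcp,1433
PrintServer,users,printers,tcp,9100
VoIP,voip,app,udp,5060
"""


@dataclass(frozen=True)
class Flow:
    application: str
    src_zone: str
    dst_zone: str
    protocol: str
    port: str


def load_inventory(text):
    """Parse the spreadsheet export; reject rows that reference an unknown zone."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        for zone in (row["src_zone"], row["dst_zone"]):
            if zone not in ZONES:
                raise ValueError(f"{row['application']}: unknown zone {zone!r}")
        flows.append(Flow(row["application"], row["src_zone"], row["dst_zone"],
                          row["protocol"].lower(), row["port"]))
    return flows


def build_ruleset(flows):
    """One explicit permit per documented flow, then deny everything else."""
    rules = []
    for f in flows:
        rules.append(f"permit {f.protocol} {ZONES[f.src_zone]['subnet']} -> "
                     f"{ZONES[f.dst_zone]['subnet']} port {f.port}  # {f.application}")
    rules.append("deny ip any -> any  # default deny between VLANs")
    return rules


def audit_rules(proposed, flows):
    """Check proposed (src_zone, dst_zone, protocol, port) rules against the
    inventory. Returns a list of findings; an empty list means every rule is
    backed by a documented flow and none is broader than required."""
    documented = {(f.src_zone, f.dst_zone, f.protocol, f.port) for f in flows}
    findings = []
    for src, dst, proto, port in proposed:
        proto = proto.lower()
        if "any" in (proto, port):
            findings.append(f"over-broad: {src}->{dst} {proto}/{port}")
        elif (src, dst, proto, port) not in documented:
            findings.append(f"undocumented: {src}->{dst} {proto}/{port}")
        # Onion model: a flow that jumps from an outer layer straight into the
        # core without passing the layer in between deserves a second look.
        if ZONES[dst]["trust"] - ZONES[src]["trust"] > 1:
            findings.append(f"skips a trust layer: {src}->{dst} {proto}/{port}")
    return findings


if __name__ == "__main__":
    inventory = load_inventory(INVENTORY_CSV)
    print("\n".join(build_ruleset(inventory)))
    # A request to open SQL Server from the user VLAN straight to the database
    # tier is both undocumented and a layer skip; the 443 rule is fine.
    for finding in audit_rules([("users", "app", "tcp", "443"),
                                ("users", "db", "tcp", "1433"),
                                ("users", "app", "tcp", "any")], inventory):
        print("FINDING:", finding)
```

Run it once per migration wave: regenerate the ruleset from the signed-off spreadsheet rather than editing ACLs by hand, and feed every change request through `audit_rules` so that "just open it wide" requests from the user VLAN show up as findings before they reach the network team.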
