Segmenting for security: Five steps to protect your network

1 2 3 4 5 6 Page 3
Page 3 of 6
paperwork 118292466 100265473 orig Thinkstock

* Create the plan. You want to classify, isolate and protect the most important components. Group related items together, for example all your Windows servers, into one virtual LAN (VLAN). Other asset groups might include infrastructure (routers, switches, VPNs and VoIP) in one VLAN and security assets (IDS, firewalls, web filters and scanners) in another.

Financial or human resource servers typically need their own VLAN because of the confidential nature of the information they process and store. You want separate VLANs for groups of personnel as well, so Windows server administrators might be in one, while security administration are in another and executive management in a third. Data requiring special protection such as credit card numbers that need to comply with PCI-DSS or patient information that is subject to HIPAA should be isolated from other data and put in their own VLANs.

1 2 3 4 5 6 Page 3
Page 3 of 6
IT Salary Survey: The results are in