Segmenting for security: Five steps to protect your network

1 2 3 4 5 6 Page 5
Page 5 of 6
Tree in field divided showing rebirth growth Thinkstock

* Implement segmentation. In a large organization, network segmentation is a significant, long-term project, but each step along the way increases security. Start somewhere, perhaps with the network administrators or Windows servers. In that instance, you could set up VLANs called network-admins (for their workstations) and network-devices (for routers and switches).

Log all traffic between segments to determine what is normal and needed for effective functioning. Once you know what’s necessary, start blocking access to the VLANs from everywhere else, with the ultimate goal of default deny. Make sure you have the controls to enforce segmentation and to monitor whether later requested changes to access may compromise the segmentation. Continue the process through each group of assets, personnel and data.

1 2 3 4 5 6 Page 5
Page 5 of 6
IT Salary Survey: The results are in