How to work with network segmentation using zoning
In today's connected world, no system is stronger than its weakest link, and no critical information or system is secure if there is insufficient protection. A cyberattack can result in sensitive and/or critical systems being disrupted, knocked out or leaking information. The most critical systems, or the most sensitive information, must be protected with high-assurance security solutions in order to obtain a high level of security. A secure way to protect your sensitive information or systems is to start working with network segmentation.
We have defined 5 steps for network segmentation using zoning, and hope that these can guide you and help create a successful project!
1. Create a zone model
To structure the segmentation project using zoning, you should create a zone model that defines what types of zones you have and what security and assurance requirements you have for the security functions that separate the zones.
2. Define what should be segmented
Define which system or systems should be segmented and thereby included in the segmentation project. It is very important that the scope of the project is clearly defined and well communicated to everyone involved. Draw a high-level picture of the systems to be segmented, showing the boundaries to other systems. Also describe which data flows will go into and out of the systems.
3. Perform a security analysis of systems
The systems included in the segmentation project need to be classified according to their sensitivity and criticality. The classification should be performed on an ongoing basis by the organisation, but a security analysis can identify systems and information that have not been classified.
4. Arrange the systems according to the zone model
Place the systems according to the zone model. Placement is based on requirements for security, availability, functionality and operational responsibility. Understanding how the different systems communicate with each other at network level is central. Minimise communication between zones, i.e. across zone boundaries. Monitor information flows between the zones.
5. Implement, test and put into operation
In order for the segmentation project to go from paper product to reality, various components (applications, firewalls, switches, etc.) will need to be reconfigured and in some cases networks will have to be partially rebuilt. The various security solutions will be configured, tested and put into operation. In this step, the segmentation project risks affecting the ongoing operations due to downtime.
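As an added illustration of the zone model, placement and flow monitoring described in steps 1 and 4 (not part of the original article), the following Python check places systems in zones by subnet and flags observed flows that cross a zone boundary without a defined conduit. The zone names, subnets, allowed conduits and flow records are all constructed for the example.

```python
import ipaddress
from collections import Counter

# Constructed zone model and placement (steps 1 and 4): zone -> subnets.
ZONES = {"office": ["10.10.0.0/16"], "dmz": ["10.20.0.0/24"],
         "control": ["10.30.0.0/24"]}
# Constructed conduits: the only flows permitted across a zone boundary,
# as (source zone, destination zone, protocol, destination port).
ALLOWED = {("office", "dmz", "tcp", 443), ("dmz", "control", "tcp", 8443)}
# Constructed flow records: (source IP, destination IP, protocol, dest port).
SAMPLE_FLOWS = [
    ("10.10.4.7", "10.10.9.1", "tcp", 445),   # stays inside office
    ("10.10.4.7", "10.20.0.5", "tcp", 443),   # office -> dmz conduit
    ("10.20.0.5", "10.30.0.9", "tcp", 8443),  # dmz -> control conduit
    ("10.10.4.7", "10.30.0.9", "tcp", 3389),  # office straight to control
    ("10.30.0.9", "192.0.2.10", "udp", 53),   # destination outside the model
]
NETS = [(ipaddress.ip_network(n), z) for z, nets in ZONES.items() for n in nets]

def zone_of(ip):
    """Return the zone of the most specific subnet containing ip, else 'unzoned'."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, zone) for net, zone in NETS if addr in net]
    return max(hits)[1] if hits else "unzoned"

def classify(flow):
    """Return (verdict, source zone, destination zone) for one flow record."""
    src, dst, proto, port = flow
    sz, dz = zone_of(src), zone_of(dst)
    if sz == dz and sz != "unzoned":
        return "intra-zone", sz, dz
    if (sz, dz, proto, port) in ALLOWED:
        return "allowed", sz, dz
    return "violation", sz, dz  # default deny, including unzoned endpoints

def review(flows):
    """Return (violating flows, count of flows per crossed zone boundary)."""
    violations, boundary = [], Counter()
    for flow in flows:
        verdict, sz, dz = classify(flow)
        if verdict != "intra-zone":
            boundary[(sz, dz)] += 1
        if verdict == "violation":
            violations.append((sz, dz) + flow)
    return violations, boundary

if __name__ == "__main__":
    bad, counts = review(SAMPLE_FLOWS)
    print(bad, dict(counts))
```

The per-boundary counts show where communication across zones is concentrated, which helps when deciding which flows to minimise before the rules are put into operation in step 5.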