Minimizing the exposure of systems to External Networks

Install and configure gateway firewall. 

 Configure inbound and outbound Access Control List (ACL) to control only required and legitimate traffic only to be allowed to go in and out of the network. 

 Close all the ports and only open the required port. 

 Avoid “any” “any” rules set up in all the configurations. 

 All rules must be configured to ensure no “unwanted services” or “hosts” are exposed to the internet, web protection anti-malware, web and app visibility, control, and protection. 

 Implement network segregation by having Demilitarized Zone (DMZ) for public facing servers, server zone and user zone. 

   All remote access to digitalization infrastructure shall be done via VPN.