Implement network segmentation

  • Access control: start by classifying IT assets, data, and personnel into specific groups, and restrict each group's access through VLANs.
  • Access management: restrict access to VLANs by isolating them from one another and distributing resources across different VLANs, so that a compromised system in one segment does not translate into exploitation of the entire network.
  • Use of secure remote access methods: any remote access to the organization's network or systems should be secured through a VPN. Remote access should be further hardened by limiting the number of IP addresses that are allowed to connect remotely.
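
The following is an added example, not part of the original page: a small audit of a default-deny inter-VLAN policy and a VPN source allowlist, showing which segments a compromised host could reach and which allowlist entries are too broad. The segment names, subnets, rules, and the 16-address threshold are constructed assumptions.

```python
import ipaddress

# Constructed sample data: segment names, subnets and rules are assumptions.
SEGMENTS = {
    "users":   ipaddress.ip_network("10.10.10.0/24"),
    "servers": ipaddress.ip_network("10.10.20.0/24"),
    "finance": ipaddress.ip_network("10.10.30.0/24"),
    "vpn":     ipaddress.ip_network("10.10.99.0/24"),
}
# Explicit inter-VLAN allows (src, dst, proto, port); everything else is denied.
ALLOW = {
    ("users", "servers", "tcp", 443),
    ("finance", "servers", "tcp", 443),
    ("vpn", "servers", "tcp", 22),
}
# Constructed list of source ranges permitted to open a VPN session.
VPN_SOURCES = ["203.0.113.10/32", "198.51.100.0/29", "0.0.0.0/0"]

def segment_of(ip):
    """Return the name of the segment containing ip, or None if unclassified."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def flow_allowed(src_ip, dst_ip, proto, port):
    """Default-deny check: unclassified hosts and unlisted flows are refused."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False
    if src == dst:
        return True  # same VLAN: traffic never crosses the inter-VLAN filter
    return (src, dst, proto, port) in ALLOW

def reachable_segments(start):
    """Other segments reachable from start by chaining allowed flows."""
    seen, stack = set(), [start]
    while stack:
        cur = stack.pop()
        for s, d, _proto, _port in ALLOW:
            if s == cur and d != start and d not in seen:
                seen.add(d)
                stack.append(d)
    return seen

def broad_vpn_sources(allowlist, max_hosts=16):
    """Allowlist entries that admit more than max_hosts source addresses."""
    return [c for c in allowlist if ipaddress.ip_network(c).num_addresses > max_hosts]
```

With this policy a compromised host in `users` can reach only `servers`, and the `0.0.0.0/0` entry is flagged because it defeats the point of limiting remote source addresses.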