
Best Practices for Corporate Network Segmentation
This document outlines the best practices for segmenting the corporate network of any organization. Graphic diagrams that illustrate these practices can be found on the Release page.
The schema sources are located in the repository.
Elements used in network diagrams:
Crossing the border of the rectangle indicates crossing the firewall.
Level 1 of network segmentation: basic segmentation.
Advantages:
- Basic segmentation provides protection against simple targeted attacks, making it harder for an attacker to penetrate deeper into the network.
- It offers basic isolation between the production environment and the corporate environment.
Disadvantages:
The default corporate network should be treated as potentially compromised. Workstations used by ordinary employees, as well as those used by administrators, have both basic and administrative access to the production network. As a result, the compromise of any workstation could theoretically open up the following attack vector: an attacker gains control of a workstation within the corporate network, then moves laterally through the network, potentially gaining access to sensitive data and critical systems.
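One way to check a rule set for the Level 1 weakness described above, as an added example that is not part of the original document: it reports every allow rule that lets the corporate workstation segment reach administrative ports in production. The subnets, the port list, the rule tuple format and the rule names are all constructed assumptions.

```python
import ipaddress

# Constructed address plan (assumption): the document itself gives no subnets.
CORPORATE = ipaddress.ip_network("10.10.0.0/16")   # employee and admin workstations
PRODUCTION = ipaddress.ip_network("10.50.0.0/16")  # production servers
# Ports treated as administrative access (assumption, extend for your environment).
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM", 5986: "WinRM-TLS"}

# Constructed firewall rules: (name, source, destination, first port, last port, action)
RULES = [
    ("corp-to-prod-web", "10.10.0.0/16", "10.50.1.0/24", 443, 443, "allow"),
    ("corp-to-prod-ssh", "10.10.0.0/16", "10.50.0.0/16", 22, 22, "allow"),
    ("helpdesk-rdp", "10.10.20.0/24", "10.50.2.0/24", 3389, 3389, "allow"),
    ("any-to-prod-mgmt", "0.0.0.0/0", "10.50.0.0/16", 5000, 6000, "allow"),
    ("corp-to-dmz-ssh", "10.10.0.0/16", "10.60.0.0/24", 22, 22, "allow"),
    ("corp-to-prod-deny", "10.10.0.0/16", "10.50.0.0/16", 1, 65535, "deny"),
]


def audit(rules):
    """Return (rule name, exposed admin services) for every allow rule that lets
    corporate workstations reach administrative ports in production.
    Rule ordering is not modelled: each allow rule is judged on its own."""
    findings = []
    for name, src, dst, lo, hi, action in rules:
        if action != "allow":
            continue
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # overlaps() also catches broad rules (0.0.0.0/0) that contain the segment
        if not (src_net.overlaps(CORPORATE) and dst_net.overlaps(PRODUCTION)):
            continue
        exposed = sorted(svc for port, svc in ADMIN_PORTS.items() if lo <= port <= hi)
        if exposed:
            findings.append((name, exposed))
    return findings


if __name__ == "__main__":
    for rule_name, services in audit(RULES):
        print(f"{rule_name}: workstations can reach production {', '.join(services)}")
```

Each finding is a path by which a single compromised workstation gets administrative reach into production, which is the attack vector this level leaves open.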