Best-practice-for-network-segmentation

Best Practices for Corporate Network Segmentation

This document outlines the best practices for segmenting the corporate network of any organization. Graphic diagrams that illustrate these practices can be found on the Release page.

The schema sources are located in the repository

Elements used in network diagrams: Crossing the border of the rectangle indicates crossing the firewall. Level 1 of network segmentation: basic segmentation. Advantages: - Basic segmentation provides protection against simple targeted attacks, making it harder for an attacker to penetrate deeper into the network. - It offers basic isolation between the production environment and the corporate environment. Disadvantages:

The default corporate network should be treated as potentially compromised

The default corporate network should be viewed as potentially compromised. Workstations used by ordinary employees, as well as those used by administrators, have both basic and administrative access to the production network. Because of this, the compromise of any workstation could theoretically open up the following attack vector: An attacker gains control of a workstation within the corporate network. Subsequently, the attacker can move laterally through the network, potentially gaining access to sensitive data and critical systems.