
Network Segmentation and Separation

February 9, 2022

Using network segmentation and separation together offers an additional level of security to your systems and data. A robust ‘defence in depth’ network enhances cybersecurity by ensuring, both physically and virtually, that data flow and connectivity within your network are limited to known and approved connections.

Canda explains how network segmentation and separation can support your security and how your business might benefit from applying these measures to your systems and data.

What do these two measures mean?

  • Network segmentation involves breaking down your organisation’s network into smaller networks, using DMZs and other logical segmentation (like Production/Test) to separate processing activity.
  • Network separation means using different access controls to allow connections across these smaller networks. This can be done by employing different technologies and filters to further control data flow.

Together, these two measures prevent an attacker from moving freely between devices and systems across your organisation’s whole network after they get access. With network segmentation and separation in place, they will be stopped by access controls and security policies. These controls are a relatively simple way to prevent attackers from gaining full access to your data.

Larger organisational networks in particular can be difficult to control and oversee, and so can their security. By dividing them into smaller and more manageable networks, you will significantly reduce cybersecurity issues. The increased number of access controls (e.g. passwords and logins) between these networks lessens the likelihood of an attacker gaining access to further data and systems.

What are the goals of network segmentation and separation?

There are many different ways that you can design your network configuration, but the following goals will be important for each organisation:

  • Devices are logically separated from each other according to processing needs and gateway/network/server/application/data/user connectivity requirements. They should each have their own access controls to apply separation.
  • Your internal networks should be separated from untrusted or low-trust networks. To reduce your exposure to attackers, don’t join or work on any public Wi-Fi.
  • Your networks should block traffic by default. A person should be responsible for allowing new people access to your internal systems.
  • All users need authentication to access your organisational network at all times.
  • Regular logs should be kept about any changes to the configuration’s security and authentication. Any suspicious activity should be noted, and steps should be taken to prevent access.
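
The block-by-default goal above, shown as an added Python example that is not from the original article: traffic between segments is allowed only if it matches a known and approved connection, and everything else is denied and returned for logging. Segment names follow the article's DMZ/Production/Test wording; the address ranges, ports and function names are constructed assumptions.

```python
import ipaddress

# Constructed segments; the addresses are illustrative, not from the article.
ZONES = {
    "dmz": ipaddress.ip_network("10.0.10.0/24"),
    "production": ipaddress.ip_network("10.0.20.0/24"),
    "test": ipaddress.ip_network("10.0.30.0/24"),
}

# Known and approved connections: (source zone, destination zone, protocol, port).
ALLOWED = {
    ("untrusted", "dmz", "tcp", 443),
    ("dmz", "production", "tcp", 8443),
}

def zone_of(addr):
    """Map an address to its segment; anything unknown is untrusted."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "untrusted"

def decide(src, dst, proto, port):
    """Return (verdict, source zone, destination zone) for one connection."""
    s, d = zone_of(src), zone_of(dst)
    if s == d and s != "untrusted":
        return ("allow", s, d)  # stays inside one segment, no boundary crossed
    verdict = "allow" if (s, d, proto, port) in ALLOWED else "deny"
    return (verdict, s, d)

def audit(flows):
    """Return the denied flows, i.e. the entries that belong in the log."""
    results = [(decide(*f), f) for f in flows]
    return [(s, d, f[2], f[3]) for (v, s, d), f in results if v == "deny"]

# Constructed sample traffic.
FLOWS = [
    ("203.0.113.7", "10.0.10.5", "tcp", 443),
    ("10.0.10.5", "10.0.20.8", "tcp", 8443),
    ("10.0.10.5", "10.0.20.8", "tcp", 22),
    ("10.0.30.4", "10.0.20.8", "tcp", 8443),
    ("203.0.113.7", "10.0.20.8", "tcp", 443),
]

if __name__ == "__main__":
    for entry in audit(FLOWS):
        print("DENY", entry)
```

A host in the DMZ can reach Production only on the one approved port, and Test cannot reach Production at all, so access to one segment does not extend to the others.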

Canda supports businesses across New Zealand with their cybersecurity and network controls. We ensure you have the highest safety to reduce the likelihood of attackers and hackers accessing your data. Get in touch with us if you need support from our experts!
