Learn to identify and separate networks and users

Source: Internet
Author: User


Proper network isolation is the most critical measure for combating APT attacks. For organizations, properly identifying and classifying normal traffic and users makes it easier to protect important data. However, current trends in mobile devices and BYOD policy, together with the scale of data flows within the enterprise network, make it much more difficult to partition the network "correctly".

So, what criteria can be used to identify and classify networks?

What data is on the network?

Each part of the corporate network should have access only to the data it needs for daily operations, and access to some enterprise data may have to be restricted to specific employees. Requirements in this area can be complex and contradictory, but some degree of network isolation is necessary to reduce the risk of APT attacks.

What devices are used to access the network?

In today's mobile office environment, the number of devices accessing the network has greatly increased. Company-owned equipment is in a "known" state to administrators and can be managed remotely, but other devices are "unknown" and cannot be managed. What administrators can do is place equipment that is not under IT control into a restricted segment of the enterprise network, so that any potential security risk from such a device can be quickly isolated.

Who is connected to the network?

Not all users connected to the network need to access the same things; different roles need access to different parts of the enterprise network. If an intrusion occurs in a low-privileged network segment, access from there to higher-privileged network segments is possible only if the business requires it.
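The three criteria above (what data, what device, who) can be combined into a single default-deny decision. The following is an added example, not part of the original article; the segment names, roles and sample connections are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy for illustration; segment and role names are assumptions.
# Inter-segment flows are default-deny: each allowed pair records its business need.
ALLOWED_FLOWS = {
    ("staff", "finance-data"): "ledger access for the finance role",
    ("staff", "shared-services"): "mail and file shares",
    ("restricted", "internet-only"): "egress for devices IT does not manage",
}
# Data segments each role needs for daily operations (constructed).
ROLE_DATA = {
    "finance": {"finance-data", "shared-services"},
    "engineer": {"shared-services"},
}

@dataclass(frozen=True)
class Connection:
    user_role: str   # who is connected
    managed: bool    # what device: company-managed ("known") or not ("unknown")
    target: str      # what data segment is requested

def source_segment(conn):
    """Devices outside IT control always land in the restricted segment."""
    return "staff" if conn.managed else "restricted"

def decide(conn):
    """Apply device, flow and role checks in order; anything unlisted is denied."""
    src = source_segment(conn)
    if (src, conn.target) not in ALLOWED_FLOWS:
        return False, f"no approved flow {src} -> {conn.target}"
    if src == "staff" and conn.target not in ROLE_DATA.get(conn.user_role, set()):
        return False, f"role {conn.user_role} has no need for {conn.target}"
    return True, ALLOWED_FLOWS[(src, conn.target)]

def violations(observed):
    """Return the observed connections that the policy would not permit."""
    return [(c, decide(c)[1]) for c in observed if not decide(c)[0]]

# Constructed sample of observed connections.
SAMPLE = [
    Connection("finance", True, "finance-data"),
    Connection("finance", False, "finance-data"),   # personal phone
    Connection("engineer", True, "finance-data"),   # role has no need
    Connection("engineer", False, "internet-only"),
]

if __name__ == "__main__":
    for conn, reason in violations(SAMPLE):
        print("DENY", conn, "-", reason)
```

Running `violations` over flow records exported from a firewall or NAC system shows where the deployed partitioning has drifted from the intended one.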

Advantages of network isolation

Appropriate network zoning can help protect against APT attacks in many ways. Network compartments make it more difficult to move laterally across the organization: an attacker may need to compromise more computers or obtain more authentication credentials. Network isolation is part of a defense-in-depth strategy that increases the effort attackers must spend to successfully invade an organization.

Prevent third-party attacks

For third-party attacks, appropriate network partitioning restricts vendors to the parts of the IT network they require, so any intrusion through these vendors is likely to meet more obstacles if it tries to reach other parts of the corporate network. Large organizations need to work with their vendors to reduce the potential risk from these vendors' networks.

Prevent internal attacks

Internal attackers are inside the organization and understand how it responds to attacks and where it keeps valuable data. However, not all insiders have access to all company secrets, and internal attackers have limited goals, resources, or capabilities. In this case, internal network compartments help prevent the insider from accessing the rest of the network.

Conclusion

Network and user isolation are necessary steps in protecting the networks of large organizations. However, they must be part of an integrated approach to assessing the threats that organizations face. The following are reasonable practices that allow organizations to start conducting risk assessments:

• Identify the assets, data, and controls and visibility that your security infrastructure needs to protect.

• Confirm which network services are in use, and whether appropriate controls are in place.

• Determine how assets and data are accessed, and how they are stored.

• Use existing security controls to identify past and current threats, in order to establish a baseline of current threat activity. Once that is established, identify the threats seen across the industry against assets similar to those you hold.

• Assess these threats and assign the corresponding risk levels. These threats and risk levels should be taken into account when designing networks and other defensive measures.

Through these steps, organizations can better understand the risks they face and learn how to defend against these threats effectively and economically, ensuring that they are adequately protected.

Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission.
