The Importance of Network Segmentation
Lesson overview.
In this lesson, we will cover:
● The OSI model and segmentation.
● Reasons for segmentation.
The OSI model and segmentation.
What is segmentation? It is taking a single network or system and breaking it into smaller
discrete units. This can be achieved either physically or logically. There are many reasons why
an organization might want to segment a network. Some reasons include easing administrative
tasks, achieving performance gains, increasing security, or complying with regulations.
Highlights:
● Segmentation is taking a single network or system and breaking it into smaller discrete units. It can be achieved physically or logically.
● There are many reasons to segment a network, including to ease administrative tasks, to achieve performance gains, to increase security, or to comply with regulations.
Segmenting a network at different OSI model levels.
Segmenting a network can be achieved either physically or logically. Either way, the segmentation corresponds to a level of the OSI (Open Systems Interconnection) reference model. Physical segmentation happens at Layer 1, the physical layer: a single network is turned into more than one through separate cable runs and separate switching equipment, so that no shared device exists for traffic to cross. This is the strongest, and the most expensive, form of network segmentation.
You can also segment a network logically at the data link layer (Layer 2) or at the network layer (Layer 3) of the OSI model. At Layer 2 this is typically done with VLANs, which divide one physical switch into several separate broadcast domains; at Layer 3 it is done by giving each segment its own IP subnet, so that traffic between segments must pass through a router or firewall where access control lists can be applied. Logical segmentation requires the least amount of physical resources, but it is only as strong as the configuration of the shared equipment that implements it.
Highlights:
● Networks can be segmented at various levels of the OSI model.
● Physical layer (Layer 1) segmentation: taking a single network and making it into more than one through the use of new cable runs and equipment.
● Data link (Layer 2) and network (Layer 3) segmentation: taking a single network and making it into more than one by logically dividing the network.
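The following is an added example, not code from the original lesson, that models the two logical segmentation levels described above: VLAN membership (Layer 2) and IP subnets (Layer 3). The segment names, VLAN IDs, addresses and hosts are constructed for illustration. It shows the point that is easy to miss in the prose: a host that is given a "corporate" IP address but sits on a guest VLAN still cannot reach corporate hosts, because the Layer 2 boundary holds regardless of addressing, while hosts in different subnets can only talk through a router, which is where policy gets enforced.

```python
"""Logical segmentation at Layer 2 (VLANs) and Layer 3 (IP subnets).

Added example; not code from the original lesson. Segment names, VLAN IDs,
addresses and host names are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network


def carve(flat: str, new_prefix: int) -> list[IPv4Network]:
    """Split one flat address block into equal Layer 3 segments (subnets)."""
    return list(ip_network(flat).subnets(new_prefix=new_prefix))


@dataclass(frozen=True)
class Host:
    name: str
    vlan: int       # Layer 2: the VLAN the switch port belongs to
    address: str    # Layer 3: "ip/prefix" as configured on the host

    @property
    def subnet(self) -> IPv4Network:
        return ip_network(self.address, strict=False)


def reachability(src: Host, dst: Host, routed_vlans: set[int]) -> str:
    """Classify the path a packet from src takes to dst.

    layer2-direct : same VLAN and same subnet. The switch forwards the frame;
                    no router sits in the path, so no Layer 3 ACL can apply.
    layer3-routed : different subnets, and the router has an interface in both
                    VLANs. The router is the control point for policy.
    unreachable   : same subnet but different VLANs (ARP never crosses a VLAN
                    boundary, whatever the IP addresses say), or a VLAN the
                    router does not serve at all.
    """
    same_vlan = src.vlan == dst.vlan
    same_subnet = src.subnet == dst.subnet
    if same_vlan and same_subnet:
        return "layer2-direct"
    if same_subnet:                      # different VLANs: the Layer 2 split wins
        return "unreachable"
    if src.vlan in routed_vlans and dst.vlan in routed_vlans:
        return "layer3-routed"
    return "unreachable"


# --- constructed scenario -------------------------------------------------
SEGMENTS = dict(zip(["corp", "guest", "voip", "scada"], carve("10.0.0.0/22", 24)))
VLAN = {"corp": 10, "guest": 20, "voip": 30, "scada": 40}
ROUTED_VLANS = {10, 20, 30}              # the SCADA VLAN has no router interface

alice = Host("alice", VLAN["corp"], "10.0.0.10/24")
bob = Host("bob", VLAN["corp"], "10.0.0.11/24")
guest = Host("guest-laptop", VLAN["guest"], "10.0.1.50/24")
rogue = Host("rogue", VLAN["guest"], "10.0.0.200/24")   # guest port, corp address
plc = Host("plc-1", VLAN["scada"], "10.0.3.5/24")


if __name__ == "__main__":
    for name, net in SEGMENTS.items():
        print(f"{name:6} VLAN {VLAN[name]:3}  {net}")
    for a, b in [(alice, bob), (alice, guest), (rogue, alice), (alice, plc)]:
        print(f"{a.name} -> {b.name}: {reachability(a, b, ROUTED_VLANS)}")
```

Running it carves 10.0.0.0/22 into four /24 segments and reports that alice and bob talk directly, alice reaches the guest laptop only through the router, the rogue host on the guest VLAN cannot reach alice despite its corporate address, and the PLC on the unrouted SCADA VLAN is unreachable from anywhere else.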
Reasons for segmentation.
There are many reasons to segment a network. The most common are to comply with regulations, to improve network performance, and to improve security. These and other reasons are outlined below.
Compliance.
Certain rules and regulations, such as the Payment Card Industry Data Security Standard (PCI DSS), require that certain data be kept separate and secure. Under PCI DSS, cardholder data must be kept separate from ordinary business data. Segmentation allows the regulated data to flow across its own network, keeping it more secure, and a properly isolated cardholder data environment also reduces the number of systems that fall within the scope of the standard. That isolation has to be verified rather than assumed: the standard expects the segmentation controls themselves to be tested.
Highlights:
● Some rules and regulations require that certain data be kept separate and secure.
● Segmentation allows for regulated data to flow across its own network.
Network performance optimization.
Another reason for segmentation is network performance optimization. As a network increases
in size, the amount of data that flows through it usually increases. This can slow down the
performance of any network. Segmentation breaks a larger network into smaller units, which
can lead to an increase in performance on those segments.
Related to network performance optimization is the creation of high performance networks. Some applications need consistent bandwidth and low latency and jitter in order to perform at the desired level. Voice over IP (VoIP), video teleconferencing (VTC), and media nets, which are examples of streaming services, all perform better when they are on their own network segments, where they do not compete with bulk traffic.
Highlights:
● Segmentation breaks a larger network into smaller units, which can lead to an increase in performance on those new segments.
● Some applications require more bandwidth in order to perform at the desired higher level; for example, VoIP, VTC, and media nets all perform better on their own segments.
Separate private from public networks.
Another major reason for network segmentation is to separate private networks from public
networks. Organizations often offer free Wi-Fi, allowing the public to access the Internet from
their locations. Network segmentation allows this public traffic to be kept separate from private
corporate traffic.
Highlights:
● Segmentation allows public traffic to be kept separate from private corporate traffic.
● This type of segmentation keeps private traffic more secure.
Legacy systems.
Many organizations use systems that are critical to their operation but cannot live safely on a modern network: they may run unsupported operating systems, cannot be patched, or cannot use current protocols or security software. Segmentation allows such legacy systems to reside on their own subnet, where their exposure is limited and where traffic to and from them can be restricted to the few hosts that need it, without compromising their performance or the performance of the rest of the network.
Highlights:
● Segmentation allows legacy systems to reside on their own subnets.
● This type of segmentation increases both performance and security.
Testing labs.
Testing labs are used to test new applications, operating systems, patches, and configuration changes. If these tests occur on the main network, the testing could introduce a fault, or a compromised test system, into production. Segmentation allows such testing to occur in a contained, easily controllable environment.
Highlights:
● Segmentation allows for testing to occur in a secure, easily controllable environment.
● This type of segmentation protects a network's production environment.
Security.
One of the primary reasons for performing network segmentation is to increase security. Segmentation allows network and system administrators to control the flow of data between systems, because traffic between segments has to cross a defined boundary where it can be filtered and logged. It also makes it easier to control access to network resources, and it limits how far an intruder can move after compromising a single host.
Highlights:
● Security is one of the main reasons to perform network segmentation.
● It allows network and systems administrators to more easily control the flow of data between systems and to control access to network resources.
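The following is an added example, not code from the original lesson, showing the inter-segment policy that the security, public Wi-Fi and testing lab sections above describe: every flow between segments is matched against an ordered allow-list at the router or firewall, and anything not explicitly permitted is dropped. The segment addresses, the rule set and the sample flows are constructed for illustration. It also shows the limit of this control: traffic that stays inside one segment never crosses the boundary, so the policy cannot see it.

```python
"""Inter-segment policy: the control point that Layer 3 segmentation creates.

Added example; not code from the original lesson. Segment addresses, the
rule set and the sample flows are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed address plan, one subnet per segment.
SEGMENTS = {
    "corp": ip_network("10.0.0.0/24"),
    "guest": ip_network("10.0.1.0/24"),     # public Wi-Fi
    "voip": ip_network("10.0.2.0/24"),
    "lab": ip_network("10.0.4.0/24"),       # testing lab
    "dmz": ip_network("192.0.2.0/24"),      # public-facing servers
}


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str
    dports: Optional[frozenset]   # None means any destination port
    action: str


# Ordered allow-list between segments; a flow matching no rule is dropped.
POLICY = [
    Rule("corp", "dmz", "tcp", frozenset({443}), "allow"),
    Rule("corp", "voip", "udp", frozenset({5060}), "allow"),    # SIP signalling
    Rule("corp", "internet", "tcp", frozenset({80, 443}), "allow"),
    Rule("guest", "internet", "tcp", frozenset({80, 443}), "allow"),
    Rule("lab", "internet", "tcp", frozenset({80, 443}), "allow"),
    Rule("internet", "dmz", "tcp", frozenset({443}), "allow"),
]


def segment_of(ip: str) -> str:
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "internet"             # anything outside the address plan


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int) -> str:
    """Return 'allow', 'deny' or 'intra-segment'.

    Traffic that stays inside one segment never reaches the router, so the
    inter-segment policy cannot see it; host firewalls or further
    (micro)segmentation are needed to control that.
    """
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src == dst and src != "internet":
        return "intra-segment"
    for rule in POLICY:
        if (rule.src, rule.dst, rule.proto) == (src, dst, proto) and (
            rule.dports is None or dport in rule.dports
        ):
            return rule.action
    return "deny"                 # default deny


def simulate(flows):
    """Evaluate (src, dst, proto, dport) tuples and return the verdicts in order."""
    return [evaluate(*f) for f in flows]


# Constructed sample flows.
FLOWS = [
    ("10.0.1.50", "10.0.0.10", "tcp", 445),     # guest Wi-Fi -> corp file share
    ("10.0.4.7", "10.0.0.10", "tcp", 3389),     # lab -> corp RDP
    ("10.0.0.10", "192.0.2.10", "tcp", 443),    # corp -> DMZ web
    ("10.0.0.10", "192.0.2.10", "tcp", 22),     # corp -> DMZ SSH
    ("10.0.0.10", "10.0.2.5", "udp", 5060),     # corp -> call manager
    ("10.0.1.50", "203.0.113.5", "tcp", 443),   # guest -> internet
    ("10.0.0.10", "10.0.0.11", "tcp", 445),     # corp -> corp, never seen
]

if __name__ == "__main__":
    for flow, verdict in zip(FLOWS, simulate(FLOWS)):
        print(f"{verdict:14} {flow}")
```

The guest and lab attempts to reach corporate hosts are denied because no rule exists for those segment pairs, corporate to DMZ is allowed only on 443, and the last flow is reported as intra-segment to make clear that segmentation alone says nothing about it.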
Honeynets.
An example of segmentation for security is the use of honeynets. A honeynet is a network segment created for the sole purpose of attracting network attacks, through the deployment of multiple honeypots.
Honeypots are systems configured to look attractive to attackers, helping to draw attackers away from the main network systems and into the honeynet. Keeping the honeypots on their own segment allows the main network to remain secure and gives network administrators an opportunity to study an attack, including the methods of entry, so that countermeasures can be developed to prevent future breaches. The honeynet segment must be isolated in both directions: a honeypot is expected to be compromised, so its outbound traffic has to be restricted as well, or the attacker can use it as a foothold against the rest of the network.
Highlights:
● Honeynets are network segments created for the sole purpose of attracting network attacks through the use of multiple honeypots.
● A network segment of honeypots allows the main network to remain secure, and gives network administrators the opportunity to study attacks and develop countermeasures to prevent future breaches.
SCADA (Supervisory Control and Data Acquisition) systems.
A system that should definitely be segmented is a SCADA (supervisory control and data acquisition) system. SCADA is one of the most widely used types of industrial control system (ICS). An industrial control system uses coded signals over communication channels to monitor and control remote equipment, and such systems are common in industrial and utility environments.
Utility companies often run their operations over SCADA or DCS (distributed control system) networks. A DCS places control in many networked controllers that are supervised from a central location, so a single control network can reach a large number of industrial processes. The Stuxnet worm was designed to attack the Siemens industrial control software and programmable logic controllers (PLCs) used in such environments, and it spread between Windows hosts on engineering and control networks (over USB media and network shares) before reaching its targets. Segmenting the control network, and strictly limiting which hosts can reach it, limits how far such malware can spread and therefore how much damage it can do to industrial processes.
Highlights:
● SCADA is one of the most widely used types of ICS.
● Utility companies often run their operations over SCADA or DCS networks, in which a single control network reaches many industrial processes.
● The Stuxnet worm targeted industrial control software and PLCs and spread between hosts on engineering and control networks before reaching its targets.
● Segmenting the control network, and limiting which hosts can reach it, limits how far such malware can spread and the damage it can cause to industrial processes.
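The following is an added example, not code from the original lesson, of the detection side of the control-network isolation described above: given flow records from the boundary of the SCADA segment, it flags connections into the segment from anything other than the approved engineering host, connections out of the segment, and a single source inside the segment fanning out to many peers, which is the pattern a worm spreading through the control network produces. The log format, addresses, approved-host list and threshold are constructed for illustration; each record is assumed to be one connection attempt, listed from the initiator's side.

```python
"""Detecting violations of control-network isolation from flow records.

Added example; not code from the original lesson. The log format, addresses,
approved-host list and threshold are constructed for illustration. Each
record is one connection attempt, recorded from the initiator's side.
"""
from __future__ import annotations

import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

CONTROL_NET = ip_network("10.0.3.0/24")          # SCADA / DCS segment
ENGINEERING_JUMP = {ip_address("10.0.5.10")}     # only host allowed in
SPREAD_THRESHOLD = 3                             # distinct peers per source

# Constructed flow records in a simple key=value form. Port 502 is Modbus/TCP.
LOG = """\
ts=1 src=10.0.5.10 dst=10.0.3.5 proto=tcp dport=502
ts=2 src=10.0.0.10 dst=10.0.3.5 proto=tcp dport=502
ts=3 src=10.0.3.5 dst=203.0.113.9 proto=tcp dport=443
ts=4 src=10.0.3.7 dst=10.0.3.8 proto=tcp dport=445
ts=5 src=10.0.3.7 dst=10.0.3.9 proto=tcp dport=445
ts=6 src=10.0.3.7 dst=10.0.3.10 proto=tcp dport=445
ts=7 src=10.0.3.5 dst=10.0.3.6 proto=tcp dport=502
"""

LINE = re.compile(r"ts=(\d+) src=(\S+) dst=(\S+) proto=(\S+) dport=(\d+)")


def parse(text: str) -> list[dict]:
    """Parse the constructed log format; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, src, dst, proto, dport = m.groups()
        records.append(dict(ts=int(ts), src=ip_address(src), dst=ip_address(dst),
                            proto=proto, dport=int(dport)))
    return records


def detect(records: list[dict]) -> list[tuple]:
    """Return alerts as (rule, ts, src, detail) tuples, in log order."""
    alerts = []
    peers = defaultdict(set)          # source inside the segment -> peers contacted
    for r in records:
        src_in = r["src"] in CONTROL_NET
        dst_in = r["dst"] in CONTROL_NET
        # 1. Inbound from anything other than the approved engineering host.
        if dst_in and not src_in and r["src"] not in ENGINEERING_JUMP:
            alerts.append(("inbound-from-unapproved-host", r["ts"], str(r["src"]), str(r["dst"])))
        # 2. The control segment should never initiate connections outward.
        if src_in and not dst_in:
            alerts.append(("outbound-from-control-net", r["ts"], str(r["src"]), str(r["dst"])))
        # 3. One controller contacting many others: lateral spread inside the segment.
        if src_in and dst_in:
            peers[r["src"]].add(r["dst"])
            if len(peers[r["src"]]) == SPREAD_THRESHOLD:
                alerts.append(("lateral-spread", r["ts"], str(r["src"]), f"{SPREAD_THRESHOLD} peers"))
    return alerts


def run() -> list[tuple]:
    return detect(parse(LOG))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Rule 3 only fires for traffic that both starts and ends inside the segment, which a boundary firewall never sees; in practice those records come from a switch span port or a sensor inside the control network, and the threshold has to be tuned to the normal polling pattern of the plant.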
What was covered.
The OSI model and segmentation.
Segmentation is taking a single system or network and breaking it into smaller discrete units.
Network segmentation can occur at various levels of the OSI model. At Layer 1, the
segmentation is physical (completely separate cable runs and network hardware). At layers 2
and 3, the segmentation is logical (the segmentation occurs through programmable
configurations).
Reasons for segmentation.
There are many reasons for segmenting networks and systems, including compliance with
regulations, optimizing network performance, creating high performance networks, improving
security, creating honeynets, and securing and isolating SCADA systems.