NETWORK SEGMENTATION AND ISOLATION 1

Network Segmentation and Isolation

Capella University

IAS5025 - Network and Operating System

Feb 14, 2019



Abstract
Cyber attacks are launched daily against enterprise network systems by individual attackers, organized hackers, and state-sponsored attackers, motivated by financial gain, intellectual property, political statements, and terrorism. This calls for designing a network diagram that caters for my technical requirements, regulatory compliance, business mission, and customer goodwill experience.

This paper has a “network diagram which my network system requirements need. In this paper, we will discuss isolation and segmentation in securing network design. The paper will review border security controls and effective DMZ as part of secure network design” (Capella, 2019, para. 19).

Keywords: network program, demilitarized zone, network system requirements, isolation, segmentation, security controls, secure network design.



Table of Contents

• Cover Page

• Abstract

• Table of Contents

• Introduction / Body

• Conclusion

• References

Unit 6 Virtual Lab 1


Introduction

Network Diagram

My network diagram seeks to address the network's technical needs for the places in the network: the wide area network, the edge, cloud computing, campus connections, internet access and security, and the data center. The diagram will guide the implementation of the enterprise network system architecture for the type of business flow at the edge locations and branches, the expected network system threats, and my enterprise network system security capabilities. The Cisco SAFE architecture outline (2018) describes what my network system business flow and security architecture should contain: management access and controls, and the network system capabilities for security intelligence. Will the network diagram, and its implementation on the network system architecture, be regulatory compliant while offering all the technical needs and segmentation services for the categories of data being generated (CISCO, 2018, p. 11-13)? What are my network system countermeasures for threat defense, domains, and security services?

Through isolation and segmentation, we define the relationships between user groups and resources, making the network a lot more secure by dedicating network system resources to various zones, each with defined security control requirements and policies. Cisco (2018) says that we are able to define multiple network system security layers, with network system management rules and policies in the architecture, based on the business processing and technical requirement needs. Proper isolation and segmentation in the network system perimeter defense follows from the business objectives for portability and productivity. It also takes into account the security of the various applications and operating systems, and the mobility of the various types of users and data categories. Visibility and monitoring of data support a data-determined segmentation outline that takes into account the users, devices, systems, applications, and operating systems. The secure network design will also support an external zone, a demilitarized zone, a guest/wireless access point zone, the network system IT management zone, the data center servers' zone, the VoIP zone, the network system security zone, the organization's physical security technologies zone, and the organization's industrial controls zones (CISCO, 2018, p. 4-7).

Implementing the border security controls of the network diagram design will be reflected in the business impact policy document for the disaster recovery or business continuity plan. For the wireless and guest access points, the border security control includes a security layer for MAC address authentication, which adds another layer of security against packet sniffers. Ted (2005) also emphasizes disabling SSID broadcast, which makes it a bit more difficult for the wireless network to broadcast its identification. A virtual private network is used from the access point to the firewall, with IDS/IPS for the perimeter defense. Within the various zones, there are connections from the internet to the public DMZ, with access to the DMZ server or mail relay; within the public DMZ connections there is access to the public web server. The internet connection to the extranet DMZ gives access to the SSL proxy and the extranet server, and there is also a connection to the extranet DMZ secure server. From the public DMZ to the internal network there is a connection for the mail server, and there are connections from the extranet to the database DMZ and the internal network. In the overall network diagram design, there is a hub-and-spoke plan to make sure there is internet access to the WAN. Border defense is hardened through application patching and updates, network system device configurations, a border router with firewalls using either rules or IDS/IPS, and information security governance to that effect (Ted, 2005, p. 5-9).

An effective DMZ in a secure network system plan has attributes that offer security, regulatory compliance, and availability of service functions, such as support for the internal network diagram's clients and services, DNS, website services, and internal users' services. Effective DMZ attributes also include remote access services over SSL and IPsec, with security policies that enforce security controls for restricted access to network resources and for their availability and allocation to user roles. As long as the firewall rules are not overly permissive, the security of the network system devices with internet access should not be a problem (Scott, 2001, p. 7-11).
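
The zone-to-zone connections listed in the border security paragraph, and the point above about firewall rules that are not overly permissive, can be checked mechanically. The following is an added example, not part of the original paper: it encodes those flows as a default-deny matrix and audits a rule set against it. The zone identifiers, service ports, and sample rules are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str      # source zone
    dst: str      # destination zone
    service: str  # "proto/port", or "any"

# Zone-to-zone flows named in the paper. The zone identifiers and the
# service ports are assumptions chosen for illustration.
DESIGN_FLOWS = {
    ("internet", "public_dmz"): {"tcp/25", "tcp/80", "tcp/443"},  # mail relay, public web server
    ("internet", "extranet_dmz"): {"tcp/443"},                    # SSL proxy, extranet server
    ("public_dmz", "internal"): {"tcp/25"},                       # mail relay to mail server
    ("extranet_dmz", "database_dmz"): {"tcp/1433"},
    ("extranet_dmz", "internal"): {"tcp/443"},
}

def is_allowed(src, dst, service):
    """Default deny: a flow passes only if the design lists it explicitly."""
    return service in DESIGN_FLOWS.get((src, dst), set())

def audit(rules):
    """Return (rule, reason) for every rule that is broader than the design."""
    findings = []
    for r in rules:
        if "any" in (r.src, r.dst, r.service):
            findings.append((r, "overly permissive: wildcard field"))
        elif not is_allowed(r.src, r.dst, r.service):
            findings.append((r, "flow not in the zone design"))
    return findings

# Constructed firewall rule set, not taken from any real device.
SAMPLE_RULES = [
    Rule("internet", "public_dmz", "tcp/443"),
    Rule("public_dmz", "internal", "tcp/25"),
    Rule("internet", "internal", "tcp/3389"),      # skips the DMZ entirely
    Rule("extranet_dmz", "database_dmz", "any"),   # any service to the database DMZ
    Rule("any", "public_dmz", "tcp/80"),           # any source zone
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"{rule.src} -> {rule.dst} {rule.service}: {reason}")
```
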

References

Capella University, (2019), Course room, unit 5, network segmentation and isolation, Date Retrieved 02/16/2019, https://courserooma.capella.edu/webapps/blackboard/content/listContent.jsp?course_id=_162482_1&content_id=_7268977_1&mode=reset

Cole, E., (2013), Network Security Essentials, Date Retrieved 02/16/2019, http://www.sans.edu/research/security-laboratory/article/401-tnetwork-types#otherlinks

Scott Young, (2001), Designing a DMZ, SANS, Date Retrieved 02/16/2019, https://www.sans.org/reading-room/whitepapers/firewalls/designing-dmz-950

Ted Franger, (2005), Secure Perimeter Network Design for GIAC Enterprises, SANS, Date Retrieved 02/15/2019, https://www.sans.org/reading-room/whitepapers/infosec/secure-perimeter-network-design-giac-enterprises-1622

CISCO, (2018), SAFE, Places in the Network: Secure Internet Edge, Date Retrieved 02/17/2019, https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/safe-architecture-guide-pin-secure-internet-edge.pdf