discussion


13 hours ago

BIPIN NEUPANE 

Week3_Discussion


Before we look into how separation within a network is facilitated, let’s look at two broader things – network segmentation and separation. Network segmentation includes the breaking down of the entire network structure into separate bits and pieces that allow individual levels of security control. On the other hand, network separation means using various access controls and security measures to allow/disallow connections among the segmented smaller networks.

If we look at it technically, we all know that we have firewalls installed on our personal as well as corporate computers and other devices. Similarly, servers hosting the internet at the worksite also have software- and hardware-level firewalls installed that offer added security. These firewalls help create custom separation and offer network separation. Separation layers help keep intruders away, promote safety, and limit the control of access and network movement over the corporate network environment. The reduction of network attacks and removal of unwanted access helps mitigate the risk of system failures and security breaches.

Segmentation and separation not only limit attackers from moving from one sub-network to another using firewall separation but also limit the scope of the security breach and buy additional time for the corporation to deploy countermeasures, so the rest of the network is not accessed (Metivier, 2017). Another technical control is that by implementing the least privilege policy, access can be given to employees only for essential roles (Metivier, 2017). It also helps prevent attacks from insiders. Additionally, events are logged, internal connections (regardless of whether they were permitted) are monitored, and suspicious behavior is attacked using firewalls. Also, with the reduction of unwanted access and traffic, the performance of network systems can be boosted (Metivier, 2017). With the introduction of IPv6, there are even better ways to implement network separation with the ‘Quarantine Model’ that helps fit network nodes to individual network segments and deploy different security policies on each sub-network. Therefore, even as technology grows, adapted and updated versions of network segmentation can always be achieved to arrive at the optimum security measures (Suzuki & Kondo, 2005).

In my experience, a company that allows network connections to 7000 employees will have a challenging time managing security and firewalls without segmentation and separation. Only then can management, diagnosis, and individual security measures be implemented for the most optimum protection and access sought by the company. Optimum network separation helps motivate the practices of zero access by default and the least privilege policy, among many others, and helps maintain security structure and rules to prevent security access, monitoring, and unwanted access to computers, internal systems, and private databases. Therefore, although there are a few concerns such as operation costs, antispoofing concerns, and concerns of encryption management with various models such as the quarantine model, it is safe to say that network separation is an exceptional technical control (Suzuki & Kondo, 2005).

References

Metivier, B. (2017). The Security Benefits of Network Segmentation. https://www.tylercybersecurity.com/blog/the-security-benefits-of-network-segmentation

Suzuki, S., & Kondo, S. (2005). Dynamic Network Separation for IPv6 Network Security Enhancement. https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1619969
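The controls the post describes (zero access by default, least-privilege allow rules between segments, logging of every internal connection whether or not it was permitted, and a bounded breach scope) can be modeled in a few lines. This is an added example, not part of the original post; the segment names, address ranges, ports and function names are constructed assumptions.

```python
import ipaddress
from collections import deque

# Constructed segments and address ranges (assumptions, not from the post).
SEGMENTS = {
    "user_lan": ipaddress.ip_network("10.10.0.0/16"),
    "app_dmz":  ipaddress.ip_network("10.20.0.0/24"),
    "database": ipaddress.ip_network("10.30.0.0/24"),
    "hr":       ipaddress.ip_network("10.40.0.0/24"),
}

# Least privilege: only these (source, destination, TCP port) flows are allowed.
ALLOW = {
    ("user_lan", "app_dmz", 443),
    ("app_dmz", "database", 5432),
}

def segment_of(ip):
    """Map an address to its segment, or None if it belongs to no segment."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def decide(src_ip, dst_ip, port, log):
    """Default deny between segments; every decision is appended to the log."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        verdict = "deny"   # unknown endpoints get no access
    elif src == dst:
        verdict = "allow"  # intra-segment traffic is not filtered in this model
    else:
        verdict = "allow" if (src, dst, port) in ALLOW else "deny"
    log.append((src_ip, dst_ip, port, src, dst, verdict))
    return verdict

def blast_radius(start):
    """Segments reachable from a compromised segment by chaining allowed flows."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for src, dst, _port in ALLOW:
            if src == cur and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen
```

`blast_radius` gives an upper bound on breach scope: a segment with no allowed path from the compromised one stays out of reach, which is the containment effect the post attributes to separation.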
