Following on from his recent Security Management 201 video, which provides some key tips to help you easily define, simplify and enforce network segmentation and security zoning, Professor Wool has now produced a new video on how to structure your security policy in a segmented network.
You’re no doubt familiar with Virtual Local Area Network (VLAN) technology and its ability to segment traffic within your network. It’s one of those decades-old technologies that businesses have come to rely on to reduce costs, minimize network broadcast domains, and protect certain systems from others. It sounds good on paper, but it’s rare to see a VLAN environment that’s configured correctly enough to realize its intended benefits.
Continuing our recent focus on network segmentation, this week's network security tip comes from Charles Riordan, Managing Consultant at Check Point:
“Build and deploy ‘for-purpose’ specific security gateways based on a security zones approach, taking in zones’ access of greater trust the deeper one gets into the architecture. Look for and implement monitoring of these gateways from a security/compliance posture (status) in a 24×7 paradigm with alerting and reporting capabilities. Only deploy specific functional protections – thus eliminating over-use of resources, etc…”
So we’ve made it to the last part of our blog series on PCI 3.0 Requirement 1. The first two posts covered Requirement 1.1 (appropriate firewall and router configurations) and 1.2 (restrict connections between untrusted networks and any system components in the cardholder data environment). In this final post we’ll discuss the key points of Requirements 1.3-1.5, and I’ll again give you my insight to help you understand the implications of these requirements and how to comply with them.
We’ve now reached part two of our three-part series on PCI Requirement 1. In our previous blog post we reviewed sub-requirement 1.1, which covers firewall and router configurations. In this post we move on and take a detailed look at PCI sub-requirement 1.2: Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment.