As part of the Microsoft Cybersecurity Analyst Professional Certificate, the following exercise was to be completed.
Imagine you are a part of the IT team at the headquarters of Sam’s Scoops located in a single office building. The organization’s network is comprised of 10 office computers, 3 servers containing sensitive data, 15 employee smartphones and tablets, and 20 IoT (Internet of Things) devices, including printers, security cameras, and smart TVs. There is also a finance department with 4 additional computers that handle confidential financial information. As a new initiative to strengthen the security of the network, your task is to create a network segmentation plan.
STEP 1: Identify and mark the most important devices, especially those that handle sensitive data, like servers and finance computers. The important devices are identified in bold below.
- 10 office computers
- **3 servers containing sensitive data.** For obvious reasons, these devices should be secured.
- 15 employee smartphones and tablets
- 20 IoT devices (printers, security cameras, smart TVs)
- **4 computers for the finance department.** These devices need to be isolated and require high security.
STEP 2: Proposed network segmentation
Network 1: servers
Network 2: office computers
Network 3: Finance computers
Network 4: smartphones and tablets
Network 5: IoT devices
STEP 3: Develop a plan that explains how you will segment the network and consider what firewall protection is required
Network 1: servers. Firewall rules to allow only necessary communication with other segments.
Network 2: office computers. Firewall configuration should block any communication to and from other segments other than segment 1, which should be limited to only necessary access.
Network 3: Finance computers. This segment should be configured in the same way as Network 2. Only necessary access to servers and no communication with other networks. An additional firewall will further protect this network from unauthorised access.
Network 4: smartphones and tablets. Limited access to servers and no access to other segments.
Network 5: IoT devices. Completely isolated.
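The Step 3 rules can be written down as a default-deny policy and checked against sample traffic before any firewall is configured. The sketch below is an added example, not part of the original exercise; the subnets, the ports treated as "necessary access", and the sample flows are all constructed assumptions, and it models only new connection attempts (a stateful firewall is assumed to pass replies).

```python
import ipaddress

# Constructed addressing plan: the exercise names five segments but no subnets.
SEGMENTS = {
    "servers": ipaddress.ip_network("10.10.1.0/24"),
    "office":  ipaddress.ip_network("10.10.2.0/24"),
    "finance": ipaddress.ip_network("10.10.3.0/24"),
    "mobile":  ipaddress.ip_network("10.10.4.0/24"),
    "iot":     ipaddress.ip_network("10.10.5.0/24"),
}

# Assumed "necessary access" to the servers: (protocol, destination port).
ALLOWED_TO_SERVERS = {
    "office":  {("tcp", 443), ("tcp", 445)},
    "finance": {("tcp", 443), ("tcp", 445)},
    "mobile":  {("tcp", 443)},
}

def segment_of(ip):
    """Return the name of the segment containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def evaluate(src_ip, dst_ip, proto, dport):
    """Decide one new connection attempt; return (verdict, reason)."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return ("deny", "address outside the segmentation plan")
    if src == dst:
        return ("allow", "intra-segment traffic does not cross the firewall")
    if "iot" in (src, dst):
        return ("deny", "IoT segment is completely isolated")
    if dst == "servers" and (proto, dport) in ALLOWED_TO_SERVERS.get(src, set()):
        return ("allow", f"{src} -> servers on a permitted service")
    return ("deny", "default deny between segments")

def audit(flows):
    """Return the flows the policy denies, for comparison with observed traffic."""
    return [f for f in flows if evaluate(*f)[0] == "deny"]

# Constructed sample flows: (src, dst, proto, dport).
SAMPLE_FLOWS = [
    ("10.10.2.15", "10.10.1.10", "tcp", 445),   # office PC -> file server
    ("10.10.3.4",  "10.10.2.15", "tcp", 3389),  # finance PC -> office PC
    ("10.10.5.20", "10.10.1.10", "tcp", 443),   # IoT camera -> server
    ("10.10.4.7",  "10.10.1.10", "tcp", 445),   # phone -> file share
]
```

Running `audit(SAMPLE_FLOWS)` lists the three flows that would be blocked, which is a quick way to spot a legitimate dependency (for example, printing from office computers to an isolated IoT printer) before the rules go live.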
STEP 4: Identify potential benefits and drawbacks of this setup
I identified the following as benefits:
- this plan ensures good security by isolating each network and limiting access to sensitive data
- this setup means that traffic is separated, which should translate into good performance
A drawback is the slight complexity that requires more resources, and also possible issues with communicating between different networks.