Why you need to segment your network for security

Pen tester Mark Wolfgang argues segmenting for security is a key piece of an overall defense-in-depth strategy. Here he explains why and how to accomplish it in your organization (registration required)

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

My job over the last thirteen years as a penetration tester has given me a unique understanding of security from an attacker's point of view. I have conducted hundreds of penetration tests on organizations ranging from Federal government nuclear weapons labs, to banks, city governments, and practically everything in between. I know what makes an attacker's job easy, and what makes it difficult or practically impossible. I am oftentimes surprised that in 2014, I can gain access to one server or workstation, and use it to traverse the entire network, unhindered at the network layer.

[Security tactic might have helped battle foreign ministry hacks]

I'm shocked that close-circuit television (CCTV) systems, alarm systems, building access control systems, and manufacturing process control systems are just "hanging out" on the corporate network for all to see. I recently conducted an assessment on a very large city. They had a flat and permissive internal network, meaning there were virtually no barriers between their different systems.

To continue reading this article register now