Question 1

How to start network segmentation for a small company?

Accepted Answer

This guide suggests starting with Level 1 basic segmentation, which isolates production from corporate networks but requires robust monitoring tools. However, small companies might find even Level 2's infrastructure duplication too costly and complex, as noted in the disadvantages.

Question 2

Network segmentation vs Zero Trust: which should I use?

Accepted Answer

This project focuses on traditional network segmentation with progressive maturity levels, while Zero Trust is a model based on continuous verification. The cheat sheet doesn't directly compare them, so organizations might need to evaluate based on their specific security needs and infrastructure, possibly combining both approaches.

Question 3

How to implement air-gapped segmentation like Level 4?

Accepted Answer

Level 4 involves creating isolated computers with no inbound access except via VPN and no outbound access to corporate services, as shown in the diagram. Implementation requires additional hardware like separate workstations and network equipment, along with security controls such as privileged access management.

Question 4

What security tools are needed for Level 3 segmentation?

Accepted Answer

Level 3 recommends implementing security services such as SOC (SIEM, IRP), DLP, IPS, vulnerability scanners, and endpoint protection, listed in the README. However, it doesn't specify vendors or setup steps, so further research is needed for tool selection.

Question 5

Cost of achieving advanced network segmentation?

Accepted Answer

The project acknowledges high costs at Levels 3 and 4, including expenses for security tools, duplicated infrastructure, and specialized personnel. It emphasizes balancing protection gains against implementation complexity and budget, with examples like needing two computers per desktop in Level 4.

Question 6

How to protect against lateral movement in networks?

Accepted Answer

This cheat sheet addresses lateral movement by segmenting networks to limit attacker access. For instance, Level 2 adds more segments and duplicates services, while Level 4 uses air-gapping to prevent corporate compromises from affecting production, as described in the attack vector analysis.

Network-segmentation-cheat-sheet

What is Network-segmentation-cheat-sheet?

Overview

Use Cases

Best For

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions