Your internal network has to be a prominent consideration when planning your information security. Your network carries sensitive data and is the primary route an attacker uses to navigate between your assets. Due to this it should receive special considerations and security should be designed into it from the beginning. This blog post is aimed at covering the 27001 standard but network security has its own separate standard i would highly recommend reading details on how to build controls around your network security. Segmentation, access controls, encryption, detection and more are just some of the tools we use.
Your network is how your staff and users access your information systems. That same network, if not adequately protected can allow a malicious user to try and compromise your environment, or if an asset is already compromised to more easily move around. There are many ways to protect your network and the level of protection should depend on your environment. Access should be restricted and controlled to protect against misuse and abuse. ISO 27033 discusses network security in detailed and should be reviewed in relation to this control category.
In addition to segmenting you network you should include additional controls such as firewalls to control access, NAC’s and filtering to restrict access to approved users/devices and NIDS and NIPS to monitor for abuse. Other tools can be used and should any service contracts your company enters into should include requirements for protection levels.
All organizations can benefit from network segmentation. This could be something as simple as
Your network should be divided into subsections based on the users, application type and classification of data held in that environment. There are many ways the segment the network such as using VLANs or firewalls and time should be spent to plan out this segregation to ensure optimal protection and separation.