Network Segmentation

Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network. Configure separate virtual private cloud (VPC) instances to isolate critical cloud systems.

Techniques Addressed by Mitigation

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | VT0003 | Exploit Public-Facing Application | Segment externally facing servers and services from the rest of the network with a DMZ or on separate hosting infrastructure. |
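One way to check that a rule set actually enforces the DMZ segmentation described above, as an added example that is not part of the original page. The zone addressing, the rule format, the approved flow and the function names are all constructed assumptions, and the audit looks at each allow rule on its own without modelling rule order.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the page).
ZONES = {
    "dmz": ipaddress.ip_network("10.0.10.0/24"),
    "internal": ipaddress.ip_network("10.0.20.0/24"),
}
# The only DMZ -> internal flow the (hypothetical) design approves: web tier to one DB.
APPROVED_DMZ_TO_INTERNAL = {("10.0.20.15/32", 5432)}

def zones_of(cidr):
    """Zones a rule CIDR overlaps; anything not contained in a zone also counts as internet."""
    net = ipaddress.ip_network(cidr)
    hit = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        hit.add("internet")
    return hit

def audit(rules):
    """Return (rule index, finding) for allow rules that break the segmentation."""
    findings = []
    for i, rule in enumerate(rules):
        if rule["action"] != "allow":
            continue
        src, dst = zones_of(rule["src"]), zones_of(rule["dst"])
        if "internal" not in dst:
            continue  # traffic into the DMZ or out to the internet is not audited here
        if "internet" in src:
            findings.append((i, "internet can reach the internal zone directly"))
        elif "dmz" in src and (rule["dst"], rule["port"]) not in APPROVED_DMZ_TO_INTERNAL:
            findings.append((i, "DMZ reaches internal zone outside approved flows"))
    return findings

# Constructed rule sets; port None means "any port".
WEAK = [
    {"action": "allow", "src": "0.0.0.0/0", "dst": "10.0.10.0/24", "port": 443},
    {"action": "allow", "src": "10.0.10.0/24", "dst": "10.0.20.0/24", "port": None},
    {"action": "allow", "src": "0.0.0.0/0", "dst": "10.0.20.30/32", "port": 3389},
]
SEGMENTED = [
    {"action": "allow", "src": "0.0.0.0/0", "dst": "10.0.10.0/24", "port": 443},
    {"action": "allow", "src": "10.0.10.0/24", "dst": "10.0.20.15/32", "port": 5432},
    {"action": "deny", "src": "10.0.10.0/24", "dst": "10.0.20.0/24", "port": None},
    {"action": "deny", "src": "0.0.0.0/0", "dst": "10.0.20.0/24", "port": None},
]

if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("SEGMENTED", SEGMENTED)):
        print(name, audit(rules))
```
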



Created: 01 December 2020

Last Modified: 01 December 2020