Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network. Configure separate virtual private cloud (VPC) instances to isolate critical cloud systems.
Techniques Addressed by Mitigation
|Enterprise||VT0003||Exploit Public-Facing Application||
Segment externally facing servers and services from the rest of the network with a DMZ or on separate hosting infrastructure.
Created: 01 December 2020
Last Modified: 01 December 2020