There is a rising trend in network segmentation for compliance purposes, such as adhering to PCI compliance among network administrators. If you store sensitive user information such as credit card numbers, you are affected by PCI Compliance. What if, though, you could leverage NetFlow data to show that the servers, that store such information, are segmented on your network? Being able to show that you have full visibility into your network and that you have protected sensitive information can be a huge relief when you are asked to show PCI compliance. You can view an example of Network Segmentation and compliance on a document put out by Cisco that does a great job illustrating how compliance and segmentation tie in together.
Let’s look at our incident response system and set up reports for network segmentation using IP groups of our departments. In this example I have created a group of IPs of each individual PC in the Sales department, I can also create a group of critical servers or an individual IP address of the server with sensitive data that I want to make sure never communicate to an unauthorized group.
If we create a report on our core switch and add filters for our groups that we created we can then see reports with communications between the servers and our employees in this department. Normally, we would want to see an empty report when the report is run, as we do not want there to be communication with this server from this group. Therefore, we can set another filter, this time a threshold, low enough that any traffic would trigger an alert.
Even better, we can create a policy that if there is ever traffic on this report, we can have an email be triggered to send to management or in the case of my example, we will email all of the Network Admins. Perhaps having this quick response exceeds your PCI Compliance requirements for your business. Having the ability to show that you have measures already in place to give you a heads up when someone on the network starts playing outside of their “sandbox”.
Not only is this useful for PCI compliance, but we can also benefit from network segmentation in the HVAC community in regards to SCADA systems. One of my colleagues wrote a great blog discussing the benefits of securing your SCADA systems. As the blog mentions, ideally these systems would be offline, but having a report that shows any internal communication gives you even more control. Knowledge is power and having greater visibility is possible with NetFlow because we are seeing 100% of the data.
If you have an incident response system and are looking to segment your network for compliance, give call us a call at Plixer.