Businesses sometimes have air conditioning systems, light controllers, music, VoIP phones, and similar devices connected to their network. If an attacker successfully breaks into any of those devices, the attacker can use them as a platform to launch attacks against your computers and servers.
Last week we discussed the extreme importance of segmenting the VPN connections to protect your network in case a bad actor compromises a VPN user’s computer. While your IT team is segmenting the VPN users away from the rest of your network, they have an opportunity to perform other segmentation to help secure your network. For example, talk with them about segmenting your VoIP phone system away from your computer network. If an attacker breaks into your phone system, they aren’t necessarily able to access your HR files and customer records because the data is in a different segment.
First, do not let plans to create multiple segments delay your team in isolating the VPN connections ASAP to help protect your network if an attacker compromises a remote worker’s computer.
Second, Creating too many segments can create a network management burden. Five to ten filtered segments can add security for even small networks. Some organizations segment networks for computers in different buildings, business departments, remote locations, etc., and need even more.
Common segments include, and you can ignore the numbers because IT professionals know about those for you:
10.1.1.0 – Primary Network
10.1.2.0 – VPN Connections
10.1.3.0 – VoIP (Voice over IP) phones
10.1.4.0 – Security Cameras, air conditioning system, fire alarm system, etc.
10.1.5.0 – Wireless Network
10.1.6.0 – A strongly filtered segment for old computers that use unsupported operating systems until you upgrade, replace, or remove those instances.
Please forward this to your executive friends so they can communicate with their IT professionals about splitting their network into filtered segments to help stop hackers from installing ransomware and stealing data.