
Inadequate Network Segmentation

VSR: 4

CVSS: 6.0 – 7.9

Risk: High

ID: OS-CFDB-1003

Finding Metadata

Finding Service(s)

Service
Internal Penetration Testing
External Penetration Testing

NIST 800-53 Control(s)

NIST
SC-32
SC-7

Technical Information

Description

The technical overview of a finding, not meant to be all-inclusive.

The assessment team discovered that portions of the network have inadequate security boundaries. Improper network segmentation can allow unauthorized traffic to reach unintended destinations. This type of network architecture may be suitable for normal operations but lacks the security needed for critical business functions.

Impact

How a finding result will affect an organization.

This ability to move traffic from a low-security to a high-security boundary may allow an attacker to escalate privileges or access critical business data. If an attacker can locate firewall misconfigurations or boundary crossings, they may be able to communicate with high-value targets within a secure enclave.

Recommendation

Current plan of action recommended.

Configure internal firewalls and network infrastructure to isolate traffic to areas of the network as necessary. Network segmentation should take into account where more sensitive administrative or operational information resides, and bias toward protection of that data. If this is not possible, an audit and a risk assessment should be conducted to determine a function's balance of security and operations.
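
An added example (not part of the OS-CFDB entry) of the kind of rule audit the recommendation calls for: it flags firewall allow rules that let traffic move from a lower-trust zone to a higher-trust one. The zone map, trust levels, rule tuples and function names are all constructed for illustration.

```python
import ipaddress

# Constructed zone map: CIDR -> (zone name, trust level); higher = more sensitive.
ZONES = {
    "10.10.0.0/16": ("user-lan", 1),
    "10.20.0.0/16": ("servers", 2),
    "10.30.0.0/24": ("secure-enclave", 3),
}

# Constructed allow rules (source, destination, port) standing in for a firewall export.
RULES = [
    ("10.10.0.0/16", "10.20.5.0/24", "443"),      # users -> app servers
    ("10.10.0.0/16", "10.30.0.0/24", "any"),      # users -> enclave, every port
    ("10.20.5.10/32", "10.30.0.15/32", "1433"),   # one app server -> one database
    ("0.0.0.0/0", "10.30.0.0/24", "22"),          # anywhere -> enclave SSH
    ("10.30.0.0/24", "10.20.0.0/16", "514"),      # enclave -> servers (high to low)
]

def zones_touched(cidr):
    """Return every (name, level) zone the CIDR overlaps, plus 'unzoned' if it spills out."""
    net = ipaddress.ip_network(cidr)
    zones = [(ipaddress.ip_network(c), z) for c, z in ZONES.items()]
    hit = [z for zone_net, z in zones if net.overlaps(zone_net)]
    if not any(net.subnet_of(zone_net) for zone_net, _ in zones):
        hit.append(("unzoned", 0))  # treat unknown address space as least trusted
    return hit

def audit(rules):
    """List allow rules that let a lower-trust zone reach a higher-trust zone."""
    findings = []
    for src, dst, port in rules:
        # A crossing is 'pinned' only when it is host-to-host on one named port.
        pinned = (ipaddress.ip_network(src).prefixlen == 32
                  and ipaddress.ip_network(dst).prefixlen == 32 and port != "any")
        for s_name, s_lvl in zones_touched(src):
            for d_name, d_lvl in zones_touched(dst):
                if s_lvl < d_lvl:  # low -> high boundary crossing
                    findings.append((src, dst, port, s_name, d_name,
                                     "pinned" if pinned else "broad"))
    return findings

if __name__ == "__main__":
    for f in audit(RULES):
        print("%-14s -> %-14s port %-4s %s -> %s [%s]" % f)
```

Findings marked broad are the ones to close or narrow first; pinned ones are candidates for a documented exception once the risk assessment has been done.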